Changeset 861

LATMOS-Accounts-Web/Changes

-                      r94
+                      r861
 This file documents the revision history for Perl extension LATMOS::Accounts::Web.
+.0.0
+    - add support of nethost/netzone object
+    - add a "My" page in user page listing object they own
+    - add icons to quickly identify user's account status in list (temporary,
+      expired, unexported)
+    - add a department page in group page with a realistic view of the current
+      people in the department. The section appear only when group have
+      sutype=dpmt
+    - add link to objects when attributes have reference
 .01  2009-05-12 03:23:51
         - initial revision, generated by Catalyst
+    - initial revision, generated by Catalyst

LATMOS-Accounts-Web/MANIFEST

-                      r757
+                      r861
 Changes
+MANIFEST
+MANIFEST.skip
 Makefile.PL
 README
 etc/httpd/latmos-accounts-web.conf
 etc/init.d/latmos-accounts-web
-inc/Module/AutoInstall.pm
-inc/Module/Install/AutoInstall.pm
-inc/Module/Install/Base.pm
-inc/Module/Install/Can.pm
-inc/Module/Install/Catalyst.pm
-inc/Module/Install/Fetch.pm
-inc/Module/Install/Include.pm
-inc/Module/Install/Makefile.pm
-inc/Module/Install/Metadata.pm
-inc/Module/Install/Scripts.pm
-inc/Module/Install/Win32.pm
-inc/Module/Install/WriteAll.pm
-inc/Module/Install.pm
 latmos-accounts-web.spec.in
 latmos_accounts_web.yml.in
 lib/Catalyst/Authentication/Credential/La.pm
+lib/LATMOS/Accounts/Web/Controller/About.pm
 lib/LATMOS/Accounts/Web/Controller/Ajax.pm
 lib/LATMOS/Accounts/Web/Controller/Aliases.pm
 lib/LATMOS/Accounts/Web/Controller/Create.pm
 lib/LATMOS/Accounts/Web/Controller/Groups.pm
+lib/LATMOS/Accounts/Web/Controller/MassEdit.pm
+lib/LATMOS/Accounts/Web/Controller/NetHosts.pm
+lib/LATMOS/Accounts/Web/Controller/NetZones.pm
 lib/LATMOS/Accounts/Web/Controller/Root.pm
 lib/LATMOS/Accounts/Web/Controller/Sites.pm
 …
 lib/LATMOS/Accounts/Web.pm
 root/favicon.ico
+root/html/about/index.tt
 root/html/ajax/attrvalues.tt
 root/html/ajax/check_new_name.tt
 root/html/ajax/check_ug_validity.tt
 root/html/ajax/cracklib.tt
+root/html/ajax/displayattr.tt
 root/html/ajax/objattrexist.tt
 root/html/ajax/objexist.tt
 root/html/ajax/rawattr.tt
+root/html/ajax/select_freeip_select.tt
 root/html/aliases/index.tt
+root/html/create/group.tt
+root/html/create/user.tt
+root/html/create/default.tt
 root/html/default.tt
 root/html/departments/default.tt
 …
 root/html/departments/menu.tt
 root/html/groups/default.tt
+root/html/groups/dpmt.tt
 root/html/groups/index.tt
 root/html/groups/menu.tt
 …
 root/html/login.tt
 root/html/logout.tt
+root/html/massedit/index.tt
+root/html/nethosts/default.tt
+root/html/nethosts/index.tt
+root/html/nethosts/menu.tt
+root/html/netzones/default.tt
+root/html/netzones/index.tt
+root/html/netzones/menu.tt
 root/html/no_object.tt
 root/html/sites/default.tt
 …
 root/html/users/mail.tt
 root/html/users/menu.tt
+root/html/users/my.tt
 root/html/users/passwd.tt
+root/static/icons/add.png
+root/static/icons/appointment-new.png
+root/static/icons/appointment-soon.png
 root/static/icons/arrow-right.png
+root/static/icons/avatar-default.png
+root/static/icons/changes-prevent.png
 root/static/icons/dialog-cancel.png
+root/static/icons/dialog-password.png
+root/static/icons/document-save-as.png
+root/static/icons/document-save.png
+root/static/icons/emblem-urgent.png
+root/static/icons/icon_edit.png
+root/static/icons/expired.png
+root/static/icons/gnome-session-logout.png
+root/static/icons/gnome-stock-mail-snd.png
+root/static/icons/gtk-about.png
+root/static/icons/gtk-cancel.png
+root/static/icons/gtk-close.png
+root/static/icons/gtk-delete.png
+root/static/icons/gtk-go-back-ltr.png
+root/static/icons/gtk-go-back-rtl.png
+root/static/icons/gtk-goto-first-ltr.png
+root/static/icons/gtk-goto-first-rtl.png
+root/static/icons/gtk-home.png
+root/static/icons/gtk-jump-to-rtl.png
+root/static/icons/locked.png
+root/static/icons/mail_forward.png
+root/static/icons/network-workgroup.png
+root/static/icons/preferences-desktop-wallpaper.png
+root/static/icons/stock_smiley-22.png
+root/static/icons/system-config-users.png
+root/static/icons/system-users.png
 root/static/icons/user-group-delete.png
 root/static/icons/user-group-new.png
 root/static/icons/user-group-properties.png
+root/static/icons/user-info.png
+root/static/icons/user-invisible.png
 root/static/icons/user-properties.png
+root/static/icons/video-display.png
 root/static/icons/view-calendar-day.png
+root/static/icons/view-media-artist.png
+root/static/icons/xfce-internet.png
 root/static/images/btn_120x50_built.png
 root/static/images/btn_120x50_built_shadow.png
 …
 root/static/images/mail-mark-important.png
 root/static/images/process-stop.png
-root/static/images/view-media-artist.png
 root/static/images/view-pim-contacts.png
 root/static/js/CalendarPopup.js
 …
 t/02pod.t
 t/03podcoverage.t
+t/controller_About.t
 t/controller_Ajax.t
 t/controller_Aliases.t
 …
 t/controller_Groups.t
 t/controller_MassEdit.t
+t/controller_NetHost.t
 t/controller_Sites.t
 t/controller_Users.t

LATMOS-Accounts-Web/Makefile.PL

-                      r552
+                      r861
 all_from 'lib/LATMOS/Accounts/Web.pm';
 requires 'Catalyst' => '5.7015';
+#requires 'Catalyst' => '5.7015';
 requires 'Catalyst::Plugin::ConfigLoader';
 requires 'Catalyst::Plugin::Static::Simple';
 …
 install_script glob('script/*.pl');
+auto_install;
+WriteAll;
+#auto_install;
+WriteMakefile(
+    macro => {
+        DESTRPMDIR => '$(shell pwd)',
+    },
+);
 package MY;
 …
 sub postamble {
     <<EOF;
 .PHONY .= svnmanifest
+# .PHONY .= svnmanifest
 svnmanifest:
 …
 rpm: \$(DISTVNAME).tar.gz latmos-accounts-web.spec
 \tmkdir ./noarch || :
+\tmkdir \$(DESTRPMDIR)/noarch || :
 \trpmbuild -ba --clean\\
 \t --define "_sourcedir `pwd`" \\
 \t --define "_specdir `pwd`" \\
+\t --define "_srcrpmdir `pwd`" \\
+\t --define "_rpmdir `pwd`" \\
+\t --define "_srcrpmdir \$(DESTRPMDIR)" \\
+\t --define "_rpmdir \$(DESTRPMDIR)" \\
+\t latmos-accounts-web.spec
+svnrpm: \$(DISTVNAME).tar.gz latmos-accounts-web.spec
+\tmkdir \$(DESTRPMDIR)/noarch || :
+\trpmbuild -ba --clean\\
+\t --define "_sourcedir `pwd`" \\
+\t --define "_specdir `pwd`" \\
+\t --define "_srcrpmdir \$(DESTRPMDIR)" \\
+\t --define "_rpmdir \$(DESTRPMDIR)" \\
+\t --define "svnrelease `LC_ALL=C svn info | grep '^Revision:' | sed 's/Revision: //'`" \\
 \t latmos-accounts-web.spec

LATMOS-Accounts-Web/latmos-accounts-web.spec.in

-                      r737
+                      r861
 %define name       latmos-accounts-web
 %define version    @VERSION@
 %define release    %mkrel 1
+%define release    %mkrel %{?svnrelease:0.%{svnrelease}}%{?!svnrelease:1}
 Name:       %{name}
 …
 fi
+%triggerpostun -- latmos-accounts
+/sbin/service %name restart
 %files
 %defattr(-,root,root)

LATMOS-Accounts-Web/latmos_accounts_web.yml.in

r97	r861
1	1	---
2	2	name: LATMOS::Accounts::Web
	3	# config: /etc/latmos-accounts/latmos-accounts.ini
	4	# company: COMPANY NAME

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web.pm

-                      r860
+                      r861
     /;
 our $VERSION = '0.0.11';
+our $VERSION = '2.0.0';
 # Configure the application.
+#
+# Note that settings in LATMOS::Accounts::Web.yml (or other external
+# configuration file that you set up manually) take precedence
+# over this when using ConfigLoader. Thus configuration
+# details given here can function as a default configuration,
+# with a external configuration file acting as an override for
+# local deployment.
+my $config_file = '/etc/latmos-accounts/latmos-accounts-web.yml';
+if (-r $config_file ) {
+    __PACKAGE__->config( 'Plugin::ConfigLoader' => {
+            file => $config_file
+        }
+    );
+}
 # http://stackoverflow.com/questions/1664816/is-there-a-way-to-force-c-urifor-in-catalyst-to-generate-a-uri-that-begins-wit

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller.pm

-                      r718
+                      r861
     if (!$c->user_exists) {
+        if ($c->req->path ne 'login') {
+            $c->forward('/login');
+        # No need to login for About section
+        if ($c->namespace ne 'about') {
+            if ($c->req->path ne 'login') {
+                $c->forward('/login');
+            }
+            return;
+        }
     } else {
+        $c->model('Accounts')->db->connect($c->user->{username},
+        $c->model('Accounts')->db->connect(
+            $c->user->{username},
             $c->user->{password});
+    }
-    my $menu = '';
-    my @menus = (
-        [ 'users' => 'Utilisateurs' ],
-        ($c->model('Accounts')->db->check_acl('user', '@CREATE', 'w')
-            ? [ 'create/user' => 'Nouvel Util.' ]
-            : ()),
-        [ 'groups' => 'Groupes' ],
-        ($c->model('Accounts')->db->check_acl('group', '@CREATE', 'w')
-            ? [ 'create/group' => 'Nouveau Groupe' ]
-            : ()),
-        [ 'sites' => 'Sites' ],
-        [ 'aliases' => 'Alias Mail' ],
-    );
-    foreach(@menus) {
-        $menu .= sprintf(
-            q{<a href="%s"><span%s>%s</span></a>},
-            $c->uri_for('/' . $_->[0]),
-            ($c->req->path =~ m:^$_->[0]: ? ' id="actif"' : ''),
-            $_->[1],
-        );
+    }
-    $c->stash->{mainmenu} = $menu;
+}

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Ajax.pm

-                      r755
+                      r861
+}
+sub displayattr : Local {
+    my ($self, $c, $otype) = @_;
+    my $attribute = $c->model('Accounts')->db->attribute($otype,
+        $c->req->param('attr')) or return;
+    $c->stash->{value} = $attribute->display($c->req->param('id'));
+}
 sub attrvalues : Local {
     my ($self, $c, $otype, $attr) = @_;
 …
     $c->stash->{'exists'} = join(', ', $obj->get_attributes($c->req->param('attr') ||
             'displayName')) if($obj);
+            'displayName') || $obj->id) if($obj);
+}
 …
     my ($self, $c, $otype, $attr) = @_;
     my $base = $c->model('Accounts')->db;
+    my $val = $c->req->param('val');
+    my $attribute = $base->attribute($otype, $attr) or return;
+    my $val = $attribute->input($c->req->param('val'));
     my @obj = $val ? $base->search_objects($otype, "$attr=$val") : ();
 …
+}
+sub select_freeip_select : Local {
+    my ($self, $c) = @_;
+}
+sub goto : Local {
+    my ($self, $c) = @_;
+    $c->res->redirect(
+        $c->uri_for('/' . $c->req->param('otype') . 's', $c->req->param('goto'),
+        $c->req->param('subform'))
+    );
+    $c->stash->{template} = 'no_object.tt';
+}
 sub end : Private {
     my ( $self, $c ) = @_;

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Aliases.pm

r641	r861
29	29	my @name = $c->req->param('name');
30	30	my @forward = $c->req->param('forward');
	31	$c->stash->{page}{title} = "Gestion des alias";
31	32	foreach my $idx (0 .. scalar(@name) - 1) {
32	33

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Create.pm

-                      r765
+                      r861
 use base 'LATMOS::Accounts::Web::Controller';
 use LATMOS::Accounts::Utils;
+use LATMOS::Accounts::Log;
 =head1 NAME
 …
+}
+sub user : Local {
+    my ( $self, $c ) = @_;
+sub default : LocalPath {
+    my ($self, $c, undef, $otype ) = @_;
     my $base = $c->model('Accounts')->db;
+    $c->stash->{form} = $c->model('AttrForms', undef, 'user', $base);
+    for ($c->req->param('step') || '') {
+        /^1$/ and do {
+            $c->stash->{step} = 2;
+            my $acc = $c->model('Accounts')->accounts;
+            foreach ($acc->Parameters('_defattr_')) {
+                if (/^user\.(.*)/) {
+                    $c->req->params->{$1} ||= $acc->val('_defattr_', $_);
+                }
+            }
+            $c->req->params->{exported} = 1;
+            if (! $c->req->params->{id}) {
+                for (1) {
+                    my $login;
+                    if ($c->req->param('sn')) {
+                        $login = lc(to_ascii($c->req->param('sn')));
+                        length($login) > 10 and $login = substr($login, 0, 8);
+                        $base->get_object('user', $login) or do {
+                            $c->req->params->{id} = $login;
+                            last;
+                        };
+                        if ($c->req->param('givenName')) {
+                            length($login) > 8 and $login = substr($login, 0, 8);
+                            $login .= substr(lc(to_ascii($c->req->param('givenName'))), 0, 1);
+                            $base->get_object('user', $login) or do {
+                                $c->req->params->{id} = $login;
+                                last;
+                            };
+                        }
+                    }
+                }
+                my $mailid = $c->req->params->{givenName} && $c->req->params->{sn}
+                ? sprintf('%s.%s',
+                    to_ascii(lc($c->req->params->{givenName})),
+                    to_ascii(lc($c->req->params->{sn})),)
+                : undef;
+                if ($mailid &&
+                    $base->is_supported_object('aliases') &&
+                    ! $base->get_object('aliases', $mailid)) {
+                    if ($base->get_field_name('user', 'mail', 'write')) {
+                        if ($base->{defattr}{'user.maildomain'}) {
+                            $c->req->params->{mail} ||= sprintf('%s@%s',
+                                $mailid,
+                                $base->{defattr}{'user.maildomain'});
+                        }
+                    }
+                    if ($base->get_field_name('user', 'aliases', 'write')) {
+                        $c->req->params->{aliases} ||= $mailid;
+                    }
+                    warn $base->get_field_name('user', 'revaliases', 'write');
+                    if ($base->get_field_name('user', 'revaliases', 'write')) {
+                        $c->req->params->{revaliases} ||= $mailid;
+                    }
+                }
+            }
+            last;
+        };
+        /^2$/ and do {
+            $c->stash->{step} = 2;
+            $c->req->params->{id} or return;
+            $base->get_object('user', $c->req->params->{id}) and do {
+                $c->stash->{idexists} = 1;
+                return;
+            };
+            $base->create_c_object('user', $c->req->params->{id},
+                %{ $c->req->params },
+                exported => $c->req->param('exported') ? 1 : 0,
+            ) or return;
+            $base->commit;
+            $c->res->redirect($c->uri_for('/users', $c->req->params->{id}));
+            last;
+        };
+    my ($step) = $c->req->param('step');
+    my $form = $c->model('AttrForms', undef, $otype, $base);
+    my ($status, $info);
+    $c->stash->{page}{title} = "Ajouter un objet / $otype";
+    if ($step) {
+        $info = $c->session->{ochelper};
+    }
+    if ($info->{name}{ask}) {
+        $info->{name}{content} = $c->req->param('_name');
+    }
+    foreach my $attr (@{$info->{ask} || []}) {
+        $info->{contents}{$attr} = $c->req->param($form->attr_field_name($attr));
+    }
+    my $ochelper = $base->ochelper($otype);
+    ($status, $info) = $ochelper->step($info);
+    if ($status eq 'CREATED') {
+        $base->commit;
+        $c->res->redirect($c->uri_for('/' . $otype . 's',
+                $info->{name}{content}));
+    } elsif ($status eq 'ERROR') {
+        # On error, restart the process
+        $c->stash->{page}{error} =
+            'Erreur lors de la crÃ©ation de l\'objet: ' .
+            LATMOS::Accounts::Log::lastmessage(LA_ERR);
+        foreach my $attr (@{$info->{ask} || []}) {
+            $c->req->params->{$form->attr_field_name($attr)} = $info->{contents}{$attr};
+        }
+        $info->{step} = 0; # reset
+        ($status, $info) = $ochelper->step($info);
+    } else {
+        foreach my $attr (@{$info->{ask} || []}) {
+            $c->req->params->{$form->attr_field_name($attr)} = $info->{contents}{$attr};
+        }
+    }
+    $c->stash->{form} = $form;
+    $c->stash->{ochelper} = $info;
+    $c->session->{ochelper} = $info;
+}
-sub group : Local {
-    my ( $self, $c ) = @_;
-    my $base = $c->model('Accounts')->db;
-    $c->stash->{form} = $c->model('AttrForms', undef, 'group', $base);
-    if (!exists($c->req->params->{id})) {
-        $c->req->params->{exported} = 1;
+    }
-    if ($c->req->params->{id}) {
-        $base->get_object('group', $c->req->params->{id}) and do {
-            $c->stash->{idexists} = 1;
-            return;
-        };
-        $base->create_c_object('group', $c->req->params->{id},
-            %{ $c->req->params },
-            exported => $c->req->param('exported') ? 1 : 0,
-        ) or return;
-        $base->commit;
-        $c->res->redirect($c->uri_for('/groups', $c->req->params->{id}));
+    }
+}
 =head1 AUTHOR

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Groups.pm

-                      r718
+                      r861
     $c->stash->{ofilter} = $c->model('AttrFilter', 'group');
     $c->stash->{groupslist} = [  map { $_->id } @{ $c->stash->{objectslist} } ];
+    $c->stash->{page}{title} = "Liste des groupes";
+}
 …
     my $base = $c->model('Accounts')->db;
+    $c->stash->{page}{title} = "Groupe :: $groupname";
     $c->stash->{groupname} = $groupname;
     $c->stash->{group} = $base->get_object('group', $groupname) or do {
 …
             last;
         };
+        /^dpmt$/ and do {
+            $c->stash->{template} = 'groups/dpmt.tt';
+            my @filter = ();
+            push(@filter, 'active=*') if (!$c->req->param('inactive'));
+            push(@filter, 'mail=*') if ($c->req->param('mail'));
+            push(@filter, 'company=' . $c->req->param('company')) if
+                ($c->req->param('company'));
+            $c->stash->{dpmt} = $groupname;
+            $c->stash->{odpmt} = $c->stash->{group};
+            $c->stash->{user} = [ $base->search_objects('user',
+                    'department=' . $c->stash->{dpmt},
+                    @filter,
+                ) ];
+            foreach my $u ($base->search_objects('user',
+                    'memberOf=' . $c->stash->{dpmt},
+                    @filter,
+                )) {
+                push(@{$c->{stash}->{guser}}, $u)
+                unless(grep { $u eq $_ } @{$c->stash->{user}});
+            }
+            last;
+        };
         $c->stash->{form} = $c->model('AttrForms', 'group' . $c->stash->{subform}, $c->stash->{group});

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Sites.pm

-                      r718
+                      r861
     $c->stash->{ofilter} = $c->model('AttrFilter', 'site');
     $c->stash->{siteslist} = [  map { $_->id } @{ $c->stash->{objectslist} } ];
+    $c->stash->{page}{title} = "Liste des sites";
+}
 …
     my $base = $c->model('Accounts')->db;
+    $c->stash->{page}{title} = "Site :: $sitename";
     $c->stash->{sitename} = $sitename;
     $c->stash->{site} = $base->get_object('site', $sitename) or do {

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Controller/Users.pm

-                      r759
+                      r861
         $c->stash->{initials} = [ sort keys %initials ];
+    }
+    $c->stash->{page}{title} = 'Listes des utilisateurs (' . scalar(@{
+                $c->stash->{objectslist} }) . ')';
     $c->stash->{userslist} = \@userlist;
+}
 …
     my $base = $c->model('Accounts')->db;
+    $c->stash->{page}{title} = "Utilisateur :: $username";
     $c->stash->{username} = $username;
     $c->stash->{user} = $base->get_object('user', $username) or do {
 …
     };
     $c->stash->{subform} = $subform || '';
+    $c->stash->{page}{title} = "Utilisateur :: $username";
     for ($subform || '') {
 …
             last;
         };
+        /^my$/ and do {
+            $c->stash->{db} = $base;
+            $c->stash->{template} = 'users/my.tt';
+        };
         /^dump$/ and do {
             $c->stash->{db} = $base;

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Model/Accounts.pm

-                      r791
+                      r861
+}
+sub object_navigate {
+    my ($self, $otype, $id, @filter) = @_;
+    my @list = $self->db->search_objects($otype, @filter);
+    my $i = 0;
+    for($i = 0; $i <= $#list; $i++) {
+        $list[$i] eq $id and last;
+    }
+    my %ptr = ();
+    $ptr{oprev} = $list[$i-1] if ($i > 0);
+    $ptr{'onext'} = $list[$i+1] if ($i < $#list);
+    $ptr{ofirst} = $list[0] if ($i > 1);
+    $ptr{'olast'} = $list[$#list] if ($i < $#list -1);
+    $ptr{list} = \@list;
+    return \%ptr;
+}
 # Such function must not be here, but in LATMOS::Accounts
 # But code does not allow this at time

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Model/AttrFilter.pm

r638	r861
19	19	group => [ qw(cn description gidNumber sutype) ],
20	20	site => [ qw(l) ],
	21	nethost => [ qw(name cname otherName ip macaddr owner serialNumber) ],
	22	netzone => [ qw(net group type site) ],
21	23	};
22	24

LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Model/AttrForms.pm

-                      r804
+                      r861
 use warnings;
 use base 'Catalyst::Model';
+use LATMOS::Accounts::Log;
 =head1 NAME
 …
     sutype => [ 'Structure admin.', 'select-N:sutype' ],
     exported => [ 'PropagÃ©', 'label' ],
+    unexported => [ 'CachÃ©' ],
     locked => [ 'VÃ©rouillÃ©', 'checkbox:l' ],
     isMainAddress => [ 'Adresse principale', 'checkbox' ],
 …
     contratType => [ 'Type de contrat', 'select-N:group/sutype=contrattype' ],
     managerContact => [ 'Contact' ],
+    owner => [ 'PropriÃ©taire' ],
+    description => [ 'Description' ],
+    name => [ 'Nom' ],
+    net => [ "RÃ©seau" ],
+    macaddr => [ "Adresse Ethernet" ],
+    noDynamic => [ "Pas d'adressage dyn." ],
+    cname => [ "Alias (CName)" ],
+    type => [ "Type" ],
+    netExclude => [ "RÃ©seau exclus" ],
+    output => [ "Sortie" ],
+    template => [ "ModÃšle" ],
+    outputD => [ "Sortie" ],
+    templateD => [ "ModÃšle" ],
+    group => [ "Groupe" ],
+    allow_dyn => [ "DHCP dynamique" ],
+    ipCount => [ "Nb d'IP" ],
+    freeIPCount => [ "Nb d'IP libres" ],
+    dnsRevision => [ "RÃ©vision DNS" ],
+    lastUpdate => [ "DerniÃšre mise Ã  jour "],
+    otherName => [ "Autres noms (A)" ],
+    'reverse' => [ "Forcer le reverse Ã " ],
+    dynFrom => [ 'Sans Ip depuis' ],
+    siteNick => [ 'Acronyme' ],
+    serialNumber => [ 'NÂ° de sÃ©rie' ],
+    snNative => [ 'Nom d\'origine' ],
+    givenNameNative => [ 'PrÃ©nom d\'origine' ],
+    wWWHomePage => [ 'Site Web' ],
+    halReference => [ 'RÃ©fÃ©rence HAL' ],
 };
 …
             mail initials nickname
             locked
-            exported
             create
             date
 …
         ) ],
     },
     userstatus => {
         name => 'Status',
+    userstatut => {
+        name => 'Statut',
         attrs => [ qw(
             company
 …
         ) ],
     },
+    usermy => {
+        name => 'My',
+        attrs => [ qw(
+            snNative
+            givenNameNative
+            wWWHomePage
+            halReference
+        ) ],
+    },
     site => {
         name => 'Site',
         attrs => [ qw(
             description
+            siteNick
             streetAddress
             postOfficeBox
 …
             site
             co
             exported
+            unexported
             description
         ) ],
 …
             gidNumber description
             managedBy
             sutype exported
+            sutype
             create
             date
+        ) ],
+    },
+    nethost => {
+        name => 'Ordinateur',
+        attrs => [ qw(
+            name
+            description
+            serialNumber
+            owner
+            ip
+            macaddr
+            noDynamic
+            cname
+            otherName
+            reverse
+            create
+            date
+            unexported
+        ) ],
+    },
+    netzone => {
+        name => 'Zone rÃ©seau',
+        attrs => [ qw(
+            name
+            description
+            type
+            net
+            netExclude
+            outputD
+            templateD
+            site
+            allow_dyn
+            dynFrom
+            domain
+            ipCount
+            freeIPCount
+            create
+            date
+            dnsRevision
+            lastUpdate
+            unexported
         ) ],
     },
 …
     my ($self, $for) = @_;
     grep { $_ }
+    grep { $self->base->check_acl($self->{object} || $self->otype, $_, 'r') }
+    grep { $self->base->get_field_name($self->otype, $_, $for || 'a') }
+    grep { $self->base->attribute($self->otype, $_) }
     @{ $forms->{$self->{form}}->{attrs} };
+}
 …
     my ($self, $attr) = @_;
     return $self->{c}->req->param($attr) ||
+        ($self->{object} ? $self->{object}->get_c_field($attr) : '')
+}
+sub attr_field {
+    my ($self, $attr, $type) = @_;
+    my $modallow = $self->base->check_acl($self->{object}
+        ? ($self->{object}, $attr, 'w')
+        : ($self->otype, '@CREATE', 'w'));
+    $type ||= $attrs->{$attr}[1] || '';
+    if (!($self->base->get_field_name($self->otype, $attr, 'w') && $modallow)) {
+        $type = 'label';
+    }
+    # exception: gidNumber is used also in group, but we don't want
+    # group list here, really the number !
+    $type = $modallow ? 'text-U:6' : 'label' if ($self->{otype} eq 'group' && $attr eq 'gidNumber');
+    $type ||= 'text';
+    my $htmlname = $self->escape(($self->{object}
+        ($self->{object} ? $self->{object}->get_attributes($attr) : '')
+}
+sub attr_field_name {
+    my ($self, $attr) = @_;
+    return ($self->{object}
             ? $self->{object}->id . '_'
             : ''
         ) . $attr
+    );
+    for ($type) {
+        /^textarea$/ and return sprintf(
+            '<textarea id="%s" name="%s" cols="40">%s</textarea>',
+            $self->escape($htmlname),
+            $self->escape($htmlname),
+            $self->escape($self->attr_raw_value($attr) || ''),
+        );
+        /^label$/ and do {
+            my $field = $self->escape(
+                $self->attr_raw_value($attr)
+            );
+            $field =~ s/\n/<br>/g;
+            return $field . sprintf('<input type="hidden" name="%s" value="%s">',
+                $self->escape($htmlname), ($self->attr_raw_value($attr) || ''));
+        };
+        /^date$/ and do {
+            my ($date, $time) = split(/ /, $self->attr_raw_value($attr) || '');
+            if ($date && $date =~ /^(\d+)-(\d+)-(\d+)$/) {
+                $date = "$3/$2/$1";
+            }
+            my $html = "\n" . q{<SCRIPT LANGUAGE="JavaScript" ID="js13">
+            var cal13 = new CalendarPopup();
+            </SCRIPT>} . "\n";
+            $html .= sprintf(
+                '<input type="text" id="%s" name="%s" value="%s" size="12">',
+                $self->escape($htmlname),
+                $self->escape($htmlname),
+                $self->escape($date)
+            );
+            $html .= q{<DIV ID="testdiv1" STYLE="position:absolute;visibility:hidden;background-color:white;layer-background-color:white;"></DIV>};
+            $html .= qq|
+            <A HREF="#"
+                onClick="cal13.select(document.forms[0].$htmlname,'${htmlname}_anc','dd/MM/yyyy');return false;"
+                TITLE="cal13.select(document.forms[0].$htmlname,'${htmlname}_anc','dd/MM/yyyy');return false;"
+                NAME="${htmlname}_anc" ID="${htmlname}_anc">
+                <img src="| . $self->{c}->uri_for(qw(/static icons view-calendar-day.png))
+                . qq{" style="ref"></A>
+                } . "\n";
+            return $html;
+        };
+        /^checkbox(?::(\w+))?$/ and do {
+            my $options = $1 || '';
+            my $text = sprintf('<input type="checkbox" name="%s"%s>',
+                $self->escape($htmlname),
+                $self->attr_raw_value($attr) ? '  checked="yes"' : ''
+            );
+            $text .= sprintf('<input type="hidden" name="%s">',
+                $self->escape($htmlname));
+            if ($options =~ /l/) {
+                $text .= $self->attr_raw_value($attr)
+                    ? ' ' . $self->attr_raw_value($attr)
+                    : '';
+            }
+            return $text;
+        };
+        /^select(-\w+)?:([^:\/]+)(?:\/([^:]+))?(?::(.*))?/ and do {
+            my $options = $1 || '';
+            my $otype = $2;
+            my $filter = $3;
+            my $keyfield = $4;
+            my $observe_keyfield = $keyfield || 'displayName';
+            my $select = sprintf('<select id="%s" name="%s">',
+                $self->escape($htmlname),
+                $self->escape($htmlname)) . "\n";
+            $select .= '<option value="">--</option>' . "\n" if ($options =~ /N/);
+            my $value = $self->attr_raw_value($attr) || '';
+            my $initial_observed = '';
+            foreach my $id (sort $filter
+                ? $self->base->search_objects($otype, $filter)
+                : $self->base->list_objects($otype)) {
+                my $val = $id;
+                if ($keyfield) {
+                    my $obj = $self->base->get_object($otype, $id) or next;
+                    $val = $obj->get_c_field($keyfield);
+                }
+                $select .= sprintf(
+                    '    <option value="%s"%s>%s</option>',
+                    $self->escape($val || ''),
+                    $value eq $val ? ' selected="selected"' : '',
+                    $self->escape($id || ''),
+}
+sub attr_field {
+    my ($self, $attr, $type) = @_;
+    my $attribute = ($self->{object}
+        ? $self->{object}->attribute($attr)
+        : $self->base->attribute($self->otype, $attr)) or return;
+    my $htmlname = $self->escape($self->attr_field_name($attr));
+    my @html_fields;
+    foreach my $attr_raw_value (
+        $attribute->{multiple}
+            ? ((grep { $_ } $self->attr_raw_value($attr)),
+                $attribute->readonly
+                    ? ()
+                    : ('')
+            )
+            : ($self->attr_raw_value($attr))) {
+        my $html_id = $htmlname .
+            (scalar(@html_fields) ? scalar(@html_fields) : '');
+        my $html_field = '';
+        for ($attribute->form_type) {
+            /^textarea$/i and do {
+                $html_field = sprintf(
+                    '<textarea id="%s" name="%s" cols="40">%s</textarea>',
+                    $self->escape($html_id),
+                    $self->escape($htmlname),
+                    $self->escape($attr_raw_value || ''),
                 );
+                $select .= "\n";
+                if($value eq $val) {
+                    if (my $obj = $self->base->get_object($otype, $id)) {
+                        $initial_observed = $obj->get_c_field($observe_keyfield)
+                        || '';
+                    }
+                }
+            }
+            $select .= "</select>\n";
+            $select .= $self->{c}->prototype->observe_field( $htmlname, {
+                update => "${htmlname}_span",
+                url => $self->{c}->uri_for('/ajax', 'rawattr', $otype),
+                frequency => 1,
+                with   => "'attr=" . $observe_keyfield .
+                "&id='+element.options[element.selectedIndex].text",
+            }) .
+            qq|<span id="${htmlname}_span">$initial_observed</span>|;
+            return $select;
+        };
+        /^text(-\w+)?(?::(\d+))?/ and do {
+            my $flag = $1 || '';
+            if (my @allowed = $self->base->obj_attr_allowed_values(
+                    $self->{otype}, $attr)) {
+                my $cvalue = $self->attr_raw_value($attr);
+                my $textf = sprintf('<select  id="%s" name="%s">',
+                last;
+            };
+            /^label$/i and do {
+                $attr_raw_value or last;
+                $html_field = $self->escape($attr_raw_value);
+                $html_field =~ s/\n/<br>/g;
+                $html_field .= sprintf('<input type="hidden" name="%s" value="%s">',
+                    $self->escape($htmlname), ($attr_raw_value || ''));
+                last;
+            };
+            /^date$/i and do {
+                my ($date, $time) = split(/ /, $self->attr_raw_value($attr) || '');
+                if ($date && $date =~ /^(\d+)-(\d+)-(\d+)$/) {
+                    $date = "$3/$2/$1";
+                }
+                my $html = "\n" . q{<SCRIPT LANGUAGE="JavaScript" ID="js13">
+                var cal13 = new CalendarPopup();
+                </SCRIPT>} . "\n";
+                $html .= sprintf(
+                    '<input type="text" id="%s" name="%s" value="%s" size="12">',
+                    $self->escape($html_id),
                     $self->escape($htmlname),
+                    $self->escape($date)
+                );
+                $html .= q{<DIV ID="testdiv1" STYLE="position:absolute;visibility:hidden;background-color:white;layer-background-color:white;"></DIV>};
+                $html .= qq|
+                <A HREF="#"
+                    onClick="cal13.select(document.getElementById('$html_id'),'${html_id}_anc','dd/MM/yyyy');return false;"
+                    TITLE="Date"
+                    NAME="${html_id}_anc" ID="${html_id}_anc">
+                    <img class="attr" src="| . $self->{c}->uri_for(qw(/static icons view-calendar-day.png))
+                    . qq{" style="ref"></A>
+                    } . "\n";
+                $html_field = $html;
+                last;
+            };
+            /^checkbox(?::(\w+))?$/i and do {
+                my $options = $1 || '';
+                $html_field = sprintf('<input type="checkbox" name="%s"%s>',
+                    $self->escape($htmlname),
+                    $attr_raw_value ? '  checked="yes"' : ''
+                );
+                $html_field .= sprintf('<input type="hidden" name="%s">',
+                    $self->escape($htmlname));
+                if ($attribute->form_option('rawvalue')) {
+                    $html_field .= $attr_raw_value
+                        ? ' ' . $attr_raw_value
+                        : '';
+                }
+                last;
+            };
+            /^LIST/ and do {
+                my $options = $1 || '';
+                my $select = sprintf('<select id="%s" name="%s">',
+                    $self->escape($html_id),
                     $self->escape($htmlname)) . "\n";
+                $textf .= '<option value="">--</option>' . "\n";
+                foreach (sort @allowed) {
+                    $textf .= sprintf('<option value="%s"%s>%s</option>' . "\n",
+                        $self->escape($_),
+                        (($cvalue || '') eq $_ ? ' selected="selected"' : ''),
+                        $self->escape($_),
+                $select .= '<option value="">--</option>' . "\n"
+                    unless($attribute->mandatory);
+                my $value = $attr_raw_value || '';
+                my $initial_observed = '';
+                my @valslist;
+                foreach my $val (sort $attribute->can_values) {
+                    push(@valslist, {
+                        val => $val,
+                        disp => $attribute->display($val || ''),
+                    });
+                }
+                foreach (sort { $a->{disp} cmp $b->{disp} } @valslist) {
+                    $select .= sprintf(
+                        '    <option value="%s"%s>%s</option>',
+                        $self->escape($_->{val} || ''),
+                        $value eq $_->{val} ? ' selected="selected"' : '',
+                        $self->escape($_->{disp} || ''),
                     );
+                }
+                $textf .= "</select>\n";
+                return $textf;
+            } else {
+                my $textf = sprintf(
+                    $select .= "\n";
+                }
+                $select .= "</select>\n";
+                $html_field = $select;
+                last;
+            };
+            /^text(-\w+)?(?::(\d+))?/i and do {
+                my $flag = $1 || '';
+                $html_field = sprintf(
                     '<input type="text" id="%s" name="%s" value="%s" size="%d">',
+                    $self->escape($html_id),
                     $self->escape($htmlname),
+                    $self->escape($htmlname),
+                    $self->escape($self->attr_raw_value($attr)),
+                    $2 || 30,
+                    $self->escape($attr_raw_value),
+                    $attribute->form_option('length') || 30,
                 );
                 if ($flag =~ /A/) {
+                $textf .= qq|<span id="${htmlname}_auto_complete"></span>|;
+                $textf .= "\n";
+                $textf .= $self->{c}->prototype->auto_complete_field(
+                    $htmlname,
+                    {
+                    update => "${htmlname}_auto_complete",
+                    url => $self->{c}->uri_for('/ajax', 'attrvalues', $self->otype, $attr),
+                    indicator => "${htmlname}_stat", min_chars => 1,
+                    with => "'val='+document.getElementById('$htmlname').value",
+                    frequency => 2,
+                    }
+                );
+                }
+                if ($flag =~ /U/) {
+                $textf .= qq|<span id="${htmlname}_observer_uniq"></span>|;
+                $textf .= "\n";
+                $textf .= $self->{c}->prototype->observe_field(
+                    $htmlname,
+                    {
+                    update => "${htmlname}_observer_uniq",
+                    url => $self->{c}->uri_for('/ajax', 'objattrexist',
+                        $self->otype, $attr),
+                    frequency => 2,
+                    indicator => "${htmlname}_stat", min_chars => 1,
+                    with => "'val='+document.getElementById('$htmlname').value" .
+                        ($self->{object} ? "+'&exclude=" . $self->{object}->id . "'" :
+                            ''),
+                    }
+                );
+                }
+                $textf .= qq|<span style="display:none" id="${htmlname}_stat">Searching...</span>|;
+                return $textf;
+                    $html_field .= qq|<span id="${html_id}_auto_complete"></span>|;
+                    $html_field .= "\n";
+                    $html_field .= $self->{c}->prototype->auto_complete_field(
+                        $html_id,
+                        {
+                            update => "${html_id}_auto_complete",
+                            url => $self->{c}->uri_for('/ajax', 'attrvalues', $self->otype, $attr),
+                            indicator => "${html_id}_stat", min_chars => 1,
+                            with => "'val='+document.getElementById('$html_id').value",
+                            frequency => 2,
+                        }
+                    );
+                }
+                if ($attribute->uniq) {
+                    $html_field .= qq|<span class="inputvalidate" id="${html_id}_observer_uniq"></span>|;
+                    $html_field .= "\n";
+                    $html_field .= $self->{c}->prototype->observe_field(
+                        $html_id,
+                        {
+                            update => "${html_id}_observer_uniq",
+                            url => $self->{c}->uri_for('/ajax', 'objattrexist',
+                                $self->otype, $attr),
+                            frequency => 2,
+                            indicator => "${html_id}_stat", min_chars => 1,
+                            with => "'val='+document.getElementById('$html_id').value" .
+                            ($self->{object} ? "+'&exclude=" . $self->{object}->id . "'" :
+                                ''),
+                        }
+                    );
+                    $html_field .= qq|<span style="display:none" id="${html_id}_stat">Searching...</span>|;
+                }
+                last;
+            };
+        }
+        if (my $ref = $attribute->reference) {
+            my $uri_part= {
+                user => 'users',
+                group => 'groups',
+                nethost => 'nethosts',
+                netzone => 'netzones',
+                site => 'sites'
+            }->{$ref};
+            my $text;
+            if ($self->base->attribute($ref, 'displayName')) {
+                if ($attr_raw_value &&
+                    (my $obj = $self->base->get_object($ref, $attr_raw_value)))
+                {
+                    $text = $obj->get_attributes('displayName');
+                }
+                $html_field .= $self->{c}->prototype->observe_field( $html_id, {
+                        update => "${html_id}_span",
+                        url => $self->{c}->uri_for('/ajax', 'rawattr', $ref),
+                        frequency => 1,
+                        with   => "'attr=displayName" .
+                        "&id=' + element.options[element.selectedIndex].text",
+                    }) . "\n" if ($attribute->form_type =~ /list/i);
+            } elsif($attr_raw_value && $uri_part) {
+                $text = sprintf(
+                    '<img class="attr" src="%s" title="%s">',
+                    $self->{c}->uri_for('/static', 'icons', 'arrow-right.png'),
+                    $attr_raw_value,
+                )
+            }
+        };
+            $html_field .= sprintf(qq{<span id="%s" style="margin-left: 1em">},
+                "${html_id}_span");
+            if (defined($text)) {
+                $html_field .= $uri_part
+                    ? sprintf('<a href="%s">%s</a>',
+                        $self->{c}->uri_for("/$uri_part", $attribute->display($attr_raw_value)),
+                        $text,)
+                    : $text;
+            }
+            $html_field .= "</span>\n";
+        }
+        push(@html_fields, $html_field);
+    }
+    return join("<br>\n", @html_fields);
+}
 …
+}
+sub write_attributes {
+    my ($self) = @_;
+    my @attrs;
+    foreach ($self->attributes) {
+        my $attr = ($self->{object}
+            ? $self->{object}->attribute($_)
+            : $self->base->attribute($self->otype, $_)) or next;
+        $attr->readonly and next;
+        push(@attrs, $_);
+    }
+    @attrs;
+}
 sub set_attrs {
     my ($self) = @_;
 …
     my $prefix = $self->{object}->id . '_';
     my %fields;
+    foreach (
+        grep { $self->base->get_field_name($self->otype, $_, 'w') }
+        $self->attributes) {
+    foreach ($self->write_attributes) {
+        my $attr = ($self->{object}
+            ? $self->{object}->attribute($_)
+            : $self->base->attribute($self->otype, $_)) or next;
         if (($attrs->{$_}[1] || '') eq 'checkbox') {
             $fields{$_} = $self->{c}->req->param("$prefix$_") ? 1 : 0;
+        } elsif ($attr->{multiple}) {
+            $fields{$_} = [ grep { $_ } $self->{c}->req->param("$prefix$_") ];
         } else {
             $fields{$_} = $self->{c}->req->param("$prefix$_");
+        }
+    }
+    $self->{object}->set_c_fields(%fields) or return;
+    $self->{object}->set_c_fields(%fields) or do {
+        $self->{c}->stash->{page}{error} =
+            LATMOS::Accounts::Log::lastmessage(LA_ERR);
+        $self->{object}->base->rollback;
+        return;
+    };
     $self->{object}->base->commit;
+}

LATMOS-Accounts-Web/root/html/ajax/objexist.tt

-                      r500
+                      r861
 [% IF exists %]
 <img src="[% c.uri_for('/static', 'images', 'dialog-cancel.png') %]">
+<img class="attr" src="[% c.uri_for('/static', 'images', 'dialog-cancel.png') %]">
 ([% exists %])
 [% ELSE %]
 <img src="[% c.uri_for('/static', 'images', 'dialog-ok-apply.png') %]">
+<img class="attr" src="[% c.uri_for('/static', 'images', 'dialog-ok-apply.png') %]">
 [% END %]

LATMOS-Accounts-Web/root/html/departments/default.tt

r148	r861
1		<!-- $Id: default.tt ~~432 2009-05-17 13:19:38~~Z nanardon $ -->
	1	<!-- $Id: default.tt 2800 2010-08-01 12:02:51Z nanardon $ -->
2	2	[% IF NOT department %]
3	3	No department [% departmentname \| html %] found.

LATMOS-Accounts-Web/root/html/departments/menu.tt

r148	r861
1		<!-- $Id: ~~user_menu.tt 443 2009-05-18 03:52:2~~1Z nanardon $ -->
	1	<!-- $Id: menu.tt 2800 2010-08-01 12:02:51Z nanardon $ -->
2	2	<div>
3	3	<table border="0">

LATMOS-Accounts-Web/root/html/groups/index.tt

-                      r220
+                      r861
 <table border="0">
 <tr><td colspan="2">[% groupslist.size %] groupes</td></tr>
 <tr><th>Nom</th><th>Description</th></tr>
+<tr><th>Nom</th><th>Description</th><th></th></tr>
 [% FOREACH groupname = groupslist %]
 [% group = db.get_object('group', groupname) %]
 <tr>
+    <td>[% group.id | html %]</td>
+    <td>[% group.get_c_field('description') | truncate(30) | html %]
+    <a href="[% c.uri_for('/groups', groupname) %]">
+        <img src="[% c.uri_for('/static', 'icons', 'arrow-right.png') %]"
+    <td><a href="[% c.uri_for('/groups', groupname) %]">
+        <img src="[% c.uri_for('/static', 'icons', 'icon_edit.png') %]"
             height="16" width="16"
             alt="[% "edit " _ groupname | html %]">
+    </a></td>
+    </a> [% group.id | html %]</td>
+    <td>
+    <span title="[% group.get_c_field('description') | html %]">
+    [% group.get_c_field('description') | truncate(30) | html %]
+    </span>
+    </td>
 </tr>
 [% END %]

LATMOS-Accounts-Web/root/html/groups/menu.tt

-                      r544
+                      r861
 <!-- $Id$ -->
 <div id="omenu">
+<div id="oinfo">
     [% INCLUDE 'includes/obj_prev_next.tt' objtype='group' objname=groupname %]
+    <table border="0">
     <tr><td>
+    <div>
     <img src="[% c.uri_for('/static', 'icons', 'user-group-properties.png') %]"
     alt="[% "Groupe " _ groupname %]">
+    </td>
+    <td>
+    [% groupname | html %]<br>
+    </div>
+    <div>
+    <p id="oname">[% groupname | html %]</p>
     [% group.get_c_field('description') | html %]
+    </table>
+    <div style="clear: both;"></div>
+    </div>
+</div>
+<div style="clear: both;"></div>
+<div id="omenu">
         <a href="[% c.uri_for(groupname) %]"><span [% 'id="oactive"' IF subform == '' %]>SystÃšme</span></a>
         <a href="[% c.uri_for(groupname, 'users') %]"><span [% 'id="oactive"' IF subform == 'users' %]>Utilisateurs</span></a>
+[% IF group.get_attributes('sutype') == 'dpmt' %]
+        <a href="[% c.uri_for(groupname, 'dpmt') %]"><span [% 'id="oactive"' IF subform == 'dpmt' %]>DÃ©partement</span></a>
+[% END %]
 </div>
+<div style="clear: both;"></div>

LATMOS-Accounts-Web/root/html/groups/users.tt

-                      r756
+                      r861
 [% ELSE %]
+[% modallow = c.model('Accounts').db.check_acl(group, 'memberUID', 'w') %]
+[% modallow = c.model('Accounts').db.check_acl(group, 'memberUID', 'w') AND
+NOT group.attribute('memberUID').ro %]
 <div class="objectform" id="objectform">
 …
 <b>Membres primaire:</b><br>
 [% END %]
+<a href="[% c.uri_for('/users', uid) %]">[% uid | html %]</a><br>
+<a href="[% c.uri_for('/users', uid) %]">[% uid | html %]</a>
+[% ouser = c.model('Accounts').db.get_object('user', uid) %]
+[% INCLUDE user_flag ouser=ouser %]
+<br>
 [% END %]
 [% FOREACH uid = group.get_c_field('member').sort %]
+[% ouser = c.model('Accounts').db.get_object('user', uid) %]
 [% IF loop.first %]
 <b>Membres</b><br>
 [% END %]
 [% IF modallow %]
+<form action="[% c.uri_for(groupname, subform) %]" method="POST">
+[% IF ouser.get_attributes('department') == group.id OR
+      ouser.get_attributes('contratType') == group.id %]
+<img src="[% c.uri_for('/static', 'icons', 'changes-prevent.png') %]"
+    width="24" height="24" title="Ce groupe est gÃ©rÃ© via un autre attribut">
+[% ELSE %]
+<form action="[% c.uri_for(groupname, subform) %]" method="POST" style="display: inline">
 <input type="hidden" name="deluser" value="[% uid | html %]">
 <input type="image" src="[% c.uri_for('/static', 'icons', 'user-group-delete.png') %]" width="24" height="24">
+</form>
 [% END %]
+<a href="[% c.uri_for('/users', uid) %]">[% uid | html %]
+([% c.model('Accounts').db.get_object('user', uid).get_attributes('displayName') | html %])</a><br>
+[% END %]
+<a href="[% c.uri_for('/users', uid, 'statut') %]">[% uid | html %]
+([% ouser.get_attributes('displayName') | html %])</a>
+[% INCLUDE user_flag ouser=ouser %]
+<br>
 [% IF modallow %]
-</form>
 [% END %]
 [% IF loop.last %]

LATMOS-Accounts-Web/root/html/includes/form.tt

-                      r507
+                      r861
 <!-- $Id$ -->
 <div id="oform">
+<div id="oform" class="oform">
 [% attributes = form.attributes() %]
 [% IF attributes.0 %]
 …
 <tr><th>[% form.attr_label(attr) %]</th><td>[% form.attr_field(attr) %]</td>
 [% IF loop.last %]
+[% IF form.write_attributes %]
 <tr><td colspan=2>[% form.submit %]</td></tr>
+[% END %]
 </table>
 </form>

LATMOS-Accounts-Web/root/html/includes/header.tt

-                      r689
+                      r861
 <html>
 <head>
 <title>[% page.title %]</title>
+<title>LATMOS::Accounts / [% page.title %]</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <link rel="stylesheet" href="[% c.uri_for('/static', 'style.css') %]?" type="text/css">
 …
 <script type="text/javascript" language="JavaScript" src="[% c.uri_for('/static', 'js', 'dragdrop.js') %]"></script>
 <script type="text/javascript" language="JavaScript" src="[% c.uri_for('/static', 'js', 'controls.js') %]"></script>
+<script type="text/javascript" language="JavaScript">
+function resetmenu() {
+    document.getElementById('menui').innerHTML = '[% page.title | html %]';
+}
+[% IF page.error %]
+window.onload = analert;
+function analert () {
+    alert('[% page.error | replace('\'', '\\\'') %]');
+}
+[% END %]
+</script>
 </head>
 …
 [% END %]
+[% BLOCK user_flag %]
+[% INCLUDE object_flag object = ouser %]
+[% END %]
+[% BLOCK object_flag %]
+[% IF object.type == 'user' %]
+    [% IF object.get_attributes('unexported') %]
+<img src="[% c.uri_for('/static', 'icons', 'gtk-delete.png') %]"
+class="notice" title="Ce compte est dÃ©sactivÃ©" alt="disable">
+    [% ELSIF object.get_attributes('expired') %]
+<img src="[% c.uri_for('/static', 'icons', 'emblem-urgent.png') %]"
+class="notice" title="Ce compte est expirÃ© ([% object.get_attributes('expired') %])" alt="expired">
+    [% ELSIF object.get_attributes('expire') %]
+<img src="[% c.uri_for('/static', 'icons', 'appointment-new.png') %]"
+class="notice" title="Ce compte est temporaire ([% object.get_attributes('expire') %])" alt="temporary">
+    [% END %]
+[% ELSE %]
+    [% IF object.get_attributes('unexported') %]
+<img src="[% c.uri_for('/static', 'icons', 'gtk-delete.png') %]"
+class="notice" title="Cette entrÃ©e est dÃ©sactivÃ©s" alt="disable">
+    [% END %]
+[% END %]
+[% END %]
 <body>
 <!-- $Id$ -->
+<div id="head" class="pmenu">
+    Gestion des Utilisateurs du LATMOS
+[% IF c.user.username %]
+<span style="float:right; font-size: 0.5em;">
+Vous Ãªtes [% c.user.username | html %]
+</span>
+[% END %]
+<div id="head">
+    <div class="pmenu">
+        [% IF c.config.company %]
+        Gestion informatique - [% c.config.company | html %]
+        [% ELSE %]
+        Gestion informatique
+        [% END %]
+    [% IF c.user.username %]
+    <span style="float:right; font-size: 0.5em;">
+    Vous Ãªtes [% c.user.username | html %]
+    </span>
+    [% END %]
+    </div>
+    <div id="mainmenu" style="float: left">
+        <span>
+            <a href="[% c.uri_for('/users') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Liste des utilisateurs';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Utilisateurs" src="[% c.uri_for('/static', 'icons', 'avatar-default.png') %]"></a>
+        [% IF c.model('Accounts').db.check_acl('user', '@CREATE', 'w') %]
+            <a href="[% c.uri_for('/create', 'user') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='CrÃ©er un utilisateur';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Ajouter un utilisateurs" src="[% c.uri_for('/static', 'icons', 'add.png') %]"></a>
+        [% END %]
+        </span>
+        <span>
+            <a href="[% c.uri_for('/groups') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Liste des groupes';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Groupes" src="[% c.uri_for('/static', 'icons', 'system-users.png') %]"></a>
+        [% IF c.model('Accounts').db.check_acl('group', '@CREATE', 'w') %]
+            <a href="[% c.uri_for('/create', 'group') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='CrÃ©er un groupe';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Ajouter un groupe" src="[% c.uri_for('/static', 'icons', 'add.png') %]"></a>
+        [% END %]
+        </span>
+        <span>
+            <a href="[% c.uri_for('/sites') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Liste des sites';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Sites" src="[% c.uri_for('/static', 'icons', 'xfce-internet.png') %]"></a>
+        </span>
+        [% # On cache volontairement les alias si l'utilisateur ne doit pas y
+        toucher %]
+        [% IF c.model('Accounts').db.check_acl('aliases', '@CREATE', 'w') %]
+        <span>
+            <a href="[% c.uri_for('/aliases') %]"
+            onMouseOver="document.getElementById('menui').innerHTML=
+                'Alias mail sans utilisateur';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Alias mail" src="[% c.uri_for('/static', 'icons', 'mail_forward.png') %]"></a>
+        </span>
+        [% END %]
+        <span>
+            <a href="[% c.uri_for('/nethosts') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Liste des hÃŽtes rÃ©seau';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="HÃŽtes rÃ©seau" src="[% c.uri_for('/static', 'icons', 'video-display.png') %]"></a>
+        [% IF c.model('Accounts').db.check_acl('nethost', '@CREATE', 'w') %]
+            <a href="[% c.uri_for('/create', 'nethost') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Ajouter un hote rÃ©seau';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Ajouter un hÃŽte rÃ©seau" src="[% c.uri_for('/static', 'icons', 'add.png') %]"></a>
+        [% END %]
+        </span>
+        [% # On cache volontaire les zones si l'utilisateur ne doit pas y
+        toucher %]
+        [% IF c.model('Accounts').db.check_acl('netzone', '@CREATE', 'w') %]
+        <span>
+            <a href="[% c.uri_for('/netzones') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Liste des zones rÃ©seaux';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Gestion RÃ©seau" src="[% c.uri_for('/static', 'icons', 'network-workgroup.png') %]"></a>
+            <a href="[% c.uri_for('/create', 'netzone') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Ajouter une zones rÃ©seau';"
+            onMouseOut="resetmenu();"
+            ><img title="Ajouter une zone" src="[% c.uri_for('/static', 'icons', 'add.png') %]"></a>
+        </span>
+        [% END %]
+        <span>
+            <a href="[% c.uri_for('/about') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='A propos...';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="A propos..." src="[% c.uri_for('/static', 'icons', 'gtk-about.png') %]"></a>
+        </span>
+    </div>
+    [% IF c.user.username %]
+    <div style="float: right">
+        <span>
+            <a href="[% c.uri_for('/users', c.user.username) %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Mon profile';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Mon profile" src="[% c.uri_for('/static', 'icons', 'gtk-home.png') %]"></a>
+        </span>
+        <span>
+            <a href="[% c.uri_for('/users', c.user.username, 'passwd') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Changer mon mot de passe';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Changer mon mot de passe" src="[% c.uri_for('/static',
+            'icons', 'dialog-password.png') %]"></a>
+        </span>
+        <span>
+            <a href="[% c.uri_for('/logout') %]"
+            onMouseOver="document.getElementById('menui').innerHTML='Se dÃ©connecter';"
+            onMouseOut="resetmenu();"
+            >
+            <img title="Se dÃ©connecter" src="[% c.uri_for('/static',
+                    'icons', 'gtk-close.png') %]"></a>
+        </span>
+    </div>
+    [% END %]
+    <div style="clear: both"></div>
+    <p>&gt; <span id="menui">[% page.title | html %]</span></p>
 </div>
-<div id="mainmenu" class="pmenu">
-<div style="float: left">[% mainmenu %]</div>
-[% IF c.user.username %]
-<div style="float: right">
-    <a href="[% c.uri_for('/users', c.user.username) %]"><span>Mon profile</span></a>
-    <a href="[% c.uri_for('/users', c.user.username, 'passwd') %]"><span>Mon mot de passe</span></a>
-    <a href="[% c.uri_for('/logout') %]"><span>Se dÃ©connecter</span></a>
-</div>
-[% END %]
-<div style="clear: both"></div>
-</div>

LATMOS-Accounts-Web/root/html/includes/obj_prev_next.tt

-                      r544
+                      r861
 <!-- $Id$ -->
+<p style="float: right">
+[% prev_next = c.model('Accounts').object_prev_next(objtype, objname) %]
+[% IF prev_next.0 %]
+<a href="[% c.uri_for(prev_next.0, subform) %]" title="[% prev_next.0 | html
+%]">Prec.</a>
+[% ELSE %]
+Prec.
+[% END %]
+[% IF prev_next.1 %]
+<a href="[% c.uri_for(prev_next.1, subform) %]" title="[% prev_next.1 | html
+%]">Suiv.</a>
+[% ELSE %]
+Suiv.
+[% END %]
+</p>
+<div id="navigate" style="float: right">
+<p>
+[% nav = c.model('Accounts').object_navigate(objtype, objname) %]
+[% IF nav.ofirst %]
+<a href="[% c.uri_for(nav.ofirst, subform) %]">
+<img src="[% c.uri_for('/static', 'icons/gtk-goto-first-ltr.png') %]" title="[%
+nav.ofirst | html %]" alt="first">
+</a>
+[% END %]
+[% IF nav.oprev %]
+<a href="[% c.uri_for(nav.oprev, subform) %]">
+<img src="[% c.uri_for('/static', 'icons/gtk-go-back-ltr.png') %]" title="[%
+nav.oprev | html %]" alt="previous">
+</a>
+[% END %]
+[% IF nav.onext %]
+<a href="[% c.uri_for(nav.onext, subform) %]">
+<img src="[% c.uri_for('/static', 'icons/gtk-go-back-rtl.png') %]" title="[%
+nav.onext | html %]" alt="next">
+</a>
+[% END %]
+[% IF nav.olast %]
+<a href="[% c.uri_for(nav.olast, subform) %]">
+<img src="[% c.uri_for('/static', 'icons/gtk-goto-first-rtl.png') %]" title="[%
+nav.olast | html %]" alt="last">
+</a>
+[% END %]
+</p>
+[% IF nav.list %]
+<form action="[% c.uri_for('/ajax/goto') %]">
+<p>
+<input type="hidden" name="otype" value="[% objtype | html %]">
+<input type="hidden" name="subform" value="[% subform | html %]">
+<select name="goto">
+[% FOREACH item = nav.list %]
+<option value="[% item | html %]" [% 'selected="selected"' IF item == objname
+%]>[% item | html %]</option>
+[% END %]
+</select>
+<input type="image" alt="Go To" title="Aller Ã " src="[%
+c.uri_for('/static', 'icons', 'gtk-jump-to-rtl.png') %]">
+</p>
+</form>
+[% END %]
+</div>

LATMOS-Accounts-Web/root/html/sites/default.tt

r214	r861
1		<!-- $Id: default.tt ~~432 2009-05-17 13:19:38~~Z nanardon $ -->
	1	<!-- $Id: default.tt 2800 2010-08-01 12:02:51Z nanardon $ -->
2	2	[% IF NOT site %]
3	3	No site [% sitename \| html %] found.

LATMOS-Accounts-Web/root/html/sites/menu.tt

-                      r214
+                      r861
+<!-- $Id: user_menu.tt 443 2009-05-18 03:52:21Z nanardon $ -->
+<div id="omenu">
+    <table border="0">
+    <tr><td>
+<!-- $Id: menu.tt 3103 2010-08-26 12:47:15Z nanardon $ -->
+<div id="oinfo">
+    [% INCLUDE 'includes/obj_prev_next.tt' objtype='site' objname=sitename %]
+    <div>
     <img src="[% c.uri_for('/static', 'icons', 'user-properties.png') %]"
     alt="[% "User " _ sitename %]">
     </td>
     <td>
     [% sitename | html %]<br>
+    </div>
+    <div>
+    <p id="oname">[% sitename | html %]</p>
     [% user.get_c_field('l') | html %]
+    </td></tr>
+    </table>
+    </div>
 </div>
+<div style="clear: both;"></div>

LATMOS-Accounts-Web/root/html/users/address.tt

-                      r686
+                      r861
 </form>
+[% IF address.base.check_acl(address, '@DELETE', 'w') %]
 <table border=1><tr><td align="center">
 <form action="[% c.uri_for(username, subform) %]" method="POST">
 …
 </form>
 </td></tr></table>
+[% END %]
 </div>

LATMOS-Accounts-Web/root/html/users/address_form.tt

-                      r760
+                      r861
     <td>[% form.attr_field('co', fieldtype) %]</td>
 </tr>
+[% IF form.write_attributes %]
 <tr>
     <th></th>
+    <td>[% form.submit %]</td>
+    <td>
+    [% form.submit %]
+    </td>
 </tr>
+[% END %]
 </table>

LATMOS-Accounts-Web/root/html/users/groups.tt

-                      r508
+                      r861
 [% FOREACH g = user.get_c_field('memberOf') %]
 [% IF modallow %]
+<form action="[% c.uri_for(username, subform) %]" method="POST">
+[% IF user.get_attributes('department') == g OR
+      user.get_attributes('contratType') == g %]
+<img src="[% c.uri_for('/static', 'icons', 'changes-prevent.png') %]"
+    width="24" height="24" title="Ce groupe est gÃ©rÃ© via un autre attribut">
+[% ELSE %]
+<form action="[% c.uri_for(username, subform) %]" method="POST" style="display: inline">
 <input type="hidden" name="delgroup" value="[% g | html %]">
 <input type="image" src="[% c.uri_for('/static', 'icons', 'user-group-delete.png') %]" width="24" height="24">
+</form>
+[% END %]
 [% END %]
 <a href="[% c.uri_for('/groups', g) %]">[% g | html %]</a><br>
 [% IF modallow %]
-</form>
 [% END %]
 [% END %]

LATMOS-Accounts-Web/root/html/users/index.tt

-                      r682
+                      r861
 <table border="0">
 <tr><td colspan="2">[% objectslist.size %] Utilisateurs<br>
+<tr><td colspan="5">
 [% IF initials %]
 Pages:
 …
 [% END %]
 </td></tr>
 <tr><th>Login</th><th>Nom</th></tr>
+<tr><td></td><th>Login</th><th>Nom</th><th>Description</th><th>Mail</th></tr>
 [% FOREACH username = userslist %]
 [% user = db.get_object('user', username) %]
 <tr>
+    <td>[% username | html %]</td>
+    <td>
+[% INCLUDE 'user_flag' ouser=user %]
+    </td>
+    <td><a href="[% c.uri_for('/users', username) %]">
+        <img src="[% c.uri_for('/static', 'icons', 'icon_edit.png') %]"
+            height="16" width="16"
+            alt="[% "edit " _ username | html %]">
+    </a>[% username | html %]</td>
     <td>
         [% user.get_c_field('sn') | html %]
         [% user.get_c_field('givenName') | html %]
+        [% user.get_c_field('description') | truncate(20) | html %]
+    <a href="[% c.uri_for('/users', username) %]">
+        <img src="[% c.uri_for('/static', 'icons', 'arrow-right.png') %]"
+            height="16" width="16"
+            alt="[% "edit " _ username | html %]">
+    </a></td>
+   </td>
+    <td>
+    <span title="[% user.get_c_field('description') | html %]">
+    [% user.get_c_field('description') | truncate(20) | html %]
+    </span>
+   </td>
+    <td><span title="[% user.get_c_field('mail') | html %]">
+    [% user.get_c_field('mail') | truncate(20) | html %]</span>
+   </td>
 </tr>
 [% END %]

LATMOS-Accounts-Web/root/html/users/menu.tt

-                      r730
+                      r861
 <!-- $Id$ -->
+<div id="omenu">
+<div id="oinfo">
 [% INCLUDE 'includes/obj_prev_next.tt' objtype='user' objname=username %]
+<table border="0">
+<tr><td>
+[% IF NOT user.get_c_field('exported') OR user.get_c_field('locked') %]
+<img src="[% c.uri_for('/static', 'icons', 'view-media-artist.png') %]"
+[% ELSE %]
+<img src="[% c.uri_for('/static', 'icons', 'user-properties.png') %]"
+[% END %]
+alt="[% "User " _ username %]">
+</td>
+<td>
+[% username | html %]<br>
+[% user.get_c_field('displayName') | html %]
+</td>
+</tr>
+</table>
+    <div>
+    [% IF NOT user.get_c_field('exported') %]
+    <img src="[% c.uri_for('/static', 'icons', 'gtk-delete.png') %]"
+    alt="[% "User " _ username %]" title="le compte est dÃ©sactivÃ©">
+    [% ELSE %]
+    <img src="[% c.uri_for('/static', 'icons', 'user-properties.png') %]"
+    alt="[% "User " _ username %]">
+    [% END %]
+    </div>
+    <div>
+    [% IF user.get_c_field('locked') %]
+    <img src="[% c.uri_for('/static', 'icons', 'locked.png') %]"
+    alt="le compte est vÃ©rrouillÃ©" title="le compte est vÃ©rrouillÃ©">
+    [% END %]
+    </div>
+    <div>
+    <p id="oname">[% username | html %]
+        [% INCLUDE user_flag ouser = user %]</span></p>
+    [% user.get_c_field('displayName') | html %]
+    </div>
+</div>
 <div style="clear: both;"></div>
+<div id="omenu">
         <a href="[% c.uri_for(username) %]"><span [% 'id="oactive"' IF subform == '' %]>SystÃšme</span></a>
         <a href="[% c.uri_for(username, 'status') %]"><span [% 'id="oactive"' IF subform == 'status' %]>Status</span></a>
+        <a href="[% c.uri_for(username, 'statut') %]"><span [% 'id="oactive"' IF subform == 'statut' %]>Statut</span></a>
         <a href="[% c.uri_for(username, 'groups') %]"><span [% 'id="oactive"' IF subform == 'groups' %]>Groupes</span></a>
         <a href="[% c.uri_for(username, 'address') %]"><span [% 'id="oactive"' IF subform == 'address' %]>Adresses</span></a>
         <a href="[% c.uri_for(username, 'mail') %]"><span [% 'id="oactive"' IF subform == 'mail' %]>eMail</span></a>
+        <a href="[% c.uri_for(username, 'my') %]"><span [% 'id="oactive"' IF subform == 'my' %]>My</span></a>
 [% IF c.model('Accounts').db.check_acl(user, 'userPasswd', 'r') %]
         <a href="[% c.uri_for(username, 'passwd') %]"><span [% 'id="oactive"' IF subform == 'passwd' %]>Mot de passe</span></a>
 [% END %]
 </div>
+<div style="clear:both"></div>

LATMOS-Accounts-Web/root/html/users/passwd.tt

-                      r667
+                      r861
 [% INCLUDE 'users/menu.tt' %]
+<script type="text/javascript">
+function check_passwd() {
+    new Ajax.Updater(
+        'perror',
+        '[% c.uri_for('/ajax', 'cracklib', username) %]',
+        { parameters: 'passwd=' + document.getElementById("passwd").value +
+            '&cpasswd=' + document.getElementById("cpasswd").value }
+    )
+}
+</script>
 <div id="oform">
 [% IF c.model('Accounts').db.check_acl(user, 'userPassword', 'w') %]
 <form id="fpasswd" action="[% c.uri_for(username, subform) %]" method="POST">
-[% c.prototype.observe_form('fpasswd', {
-    url => c.uri_for('/ajax', 'cracklib', username),
-    update => 'perror',
-    frequency => 1,
-}) %]
 <table border="1">
 <tr>
 <th>Nouveau mot de passe:</th>
 <td><input type="password" name="passwd"></td>
+<td><input type="password" name="passwd" id="passwd" onkeyup="check_passwd()"></td>
 </tr>
 <tr>
 <th>Confirmation:</th>
 <td><input type="password" name="cpasswd"></td>
+<td><input type="password" name="cpasswd" id="cpasswd" onkeyup="check_passwd()"></td>
 </tr>
 <tr><td colspan="2"><span id="perror">[% pmerror | html %]</span></td></tr>

LATMOS-Accounts-Web/root/static/style.css

-                      r507
+                      r861
     border: none;
     vertical-align: middle;
+    padding: 0em
+}
 .pmenu {
+    padding: 0.5em;
+    font-size: 2em;
+}
+.permdenied {
+    padding: 0.5em;
+}
+#head {
     background-color: #7DB4D8;
+    padding: 0.5em;
+}
+.permdenied {
+    padding: 0.5em;
+}
+#head {
+    font-size: 2em;
+    padding-bottom: 0.2em;
+    padding-top: 0.2em;
+}
 #mainmenu a {
     font-size: 80%;
+    font-size: 50px;
     overflow: hidden;
     text-decoration: none;
 …
 #mainmenu span {
+    padding-left: 1em;
+    padding-right: 1em;
+    text-decoration: none;
+}
+#mainmenu span#actif {
     border-style: outset;
     padding-left: 1em;
     padding-right: 1em;
     text-decoration: none;
+}
+#mainmenu span#actif {
+    border-style: inset;
+    border-size: 1px;
+    padding-left: 1em;
+    padding-right: 1em;
+    text-decoration: none;
+    height: 32px;
+}
 #mainmenu a:hover {
+    border: solid;
+}
+div#objectform  {
+/*    border: solid;*/
+    background-color: #7DB4D8;
+}
+#oinfo div {
+    float: left;
+    padding: 0.5em;
+}
+#oname {
+    font-size: 1.2em;
+    padding: 0em;
+    margin: 0em;
+}
+#omenu a {
+    text-decoration: none;
+    color: black;
+}
+#omenu div {
+    float: left;
+    padding-top: 0.5em;
+    padding-bottom: 0.5em;
+}
+#omenu span {
+    padding-left: 1em;
+    padding-right: 1em;
+    margin: 0;
+    border: groove thin;
+    text-decoration: none;
+    float: left;
+    background-color: #DDDDD9;
+    color: black;
+}
+#omenu span#oactive {
+    padding-left: 1em;
+    padding-right: 1em;
+    margin: 0;
+    border: groove thin;
+    text-decoration: none;
+    float: left;
+    background-color: #7DB4D8;
+    color: black;
+}
+#omenu a:hover {
+    /* border: inset; */
+    text-color blue;
+}
+div.objectform  {
     border-style: outset;
     width: 60%;
 …
+}
 #objectform table {
+.objectform table {
     margin-left: auto;
     margin-right: auto;
 …
+}
+#omenu a {
+    text-decoration: none;
+}
+#omenu td {
+    padding-left: 0.5em;
+    padding-right: 0.5em;
+}
+#omenu table {
+div.objectformleft {
+    /* border-style: outset; */
+    width: 60%;
+    margin-left: auto;
+    margin-right: auto;
+}
+.objectformleft table {
+    /*
+    margin-top: 1em;
+    margin-bottom: 1em;
+    */
+}
+.objectformleft #oform {
+    /*border: inset;*/
+    float: left;
+}
+.oform {
+    /* border: inset; */
     margin: 0.5em;
+}
+#omenu span {
+    padding-left: 1em;
+    padding-right: 1em;
+    margin: 0;
+    border: groove thin;
+    text-decoration: none;
+}
+#omenu span#oactive {
+    margin: 0;
+    padding-left: 1em;
+    padding-right: 1em;
+    border: outset;
+    border-bottom-style: none;
+    text-decoration: none;
+    font-weight:bold;
+}
+#omenu a:hover {
+    border: inset;
+}
+#oform {
+    border: inset;
+}
+table#oform {
+    margin-left: 20%;
+    margin-right: 20%;
+.oform table {
+    /* margin-left: 20%;
+    margin-right: 20%; */
+}
+.oform td {
+    vertical-align: top;
+}
+.oform p {
+    margin: 0.5em;
+    font-weight: bold;
+}
+.oform ul {
+    padding: 0.5em;
+}
+.oform li {
+    list-style-type: none;
+    padding-left: 0.2em;
+}
+.inputvalidate img {
+    width: 1em;
+    height:1em;
+}
+#navigate {
+}
+#navigate p {
+    margin: 0em;
+    text-align: center;
+}
+#navigate input {
+    width: 3em;
+    height:3em;
+    vertical-align: middle;
+}
+#navigate img {
+    width: 2em;
+    height:2em;
+    vertical-align: middle;
+}
+img.notice {
+    width: 1em;
+    height:1em;
+    vertical-align: middle;
+}
+img.attr {
+    width: 1.5em;
+    height:1.5em;
+    vertical-align: middle;
+}

LATMOS-Accounts/Changes

-                      r1
+                      r861
 Revision history for Perl extension LATMOS::Accounts.
+.0.0
+    - attributes are now object with possible properties:
+        * hide: attributes is still availlable but not listed
+        * ro: attributes can only be read
+        * can_values: list of possible values, other are rejected
+        * mandatory: cannot be empty or not set
+        * reference: the attribute point to this object type
+    - add support of network management
+        * object nethost and netzone
+        * BuildNet objects
+        * associated tools
+    - la-sync-manager can now manage multiples task: each task is an object
+      and la-sync-manager.ini control task to run
+    - all configurations files are now located in /etc/latmos-accounts and all
+      files have a fixed name. --config is no longer the main configuration file
+      but the directory containing theses files
+    - configuration files are now more or less documented (man section 5)
+    - exported attributes is replace by unexported attributes (reverse meaning),
+      unlike exported which is true/false, unexported is set or not.
+    - some optimization, especially for SQL base
+    - add la-cli tools: interactive command line with completion
 .01  Wed Feb 25 17:58:38 2009

LATMOS-Accounts/MANIFEST

-                      r859
+                      r861
 bin/la-acls
 bin/la-attributes
+bin/la-buildnet
 bin/la-cli
 bin/la-config
 …
 bin/la-delete
 bin/la-edit
+bin/la-exchange-ip
+bin/la-expired-reminder
+bin/la-find-expired
+bin/la-freeip
 bin/la-graph.pl
 bin/la-group
 …
 bin/la-query
 bin/la-rename
+bin/la-rename-host
 bin/la-rev
 bin/la-search
+bin/la-sql-loadatt
+bin/la-sql-regatt
 bin/la-sync
 bin/la-sync-list
 …
 lib/LATMOS/Accounts/Bases/Dummy/User.pm
 lib/LATMOS/Accounts/Bases/Dummy.pm
+lib/LATMOS/Accounts/Bases/Heimdal/User.pm
+lib/LATMOS/Accounts/Bases/Heimdal.pm
 lib/LATMOS/Accounts/Bases/Ldap/Group.pm
 lib/LATMOS/Accounts/Bases/Ldap/Onlyaddress.pm
 …
 lib/LATMOS/Accounts/Bases/Mail/objects.pm
 lib/LATMOS/Accounts/Bases/Mail.pm
+lib/LATMOS/Accounts/Bases/OCHelper/User.pm
+lib/LATMOS/Accounts/Bases/OCHelper.pm
 lib/LATMOS/Accounts/Bases/Objects.pm
+lib/LATMOS/Accounts/Bases/Sql/Accreq.pm
 lib/LATMOS/Accounts/Bases/Sql/Address.pm
 lib/LATMOS/Accounts/Bases/Sql/Aliases.pm
 lib/LATMOS/Accounts/Bases/Sql/Group.pm
+lib/LATMOS/Accounts/Bases/Sql/Nethost.pm
+lib/LATMOS/Accounts/Bases/Sql/Netzone.pm
+lib/LATMOS/Accounts/Bases/Sql/OCHelper/Accreq.pm
 lib/LATMOS/Accounts/Bases/Sql/Onlyaddress.pm
 lib/LATMOS/Accounts/Bases/Sql/Revaliases.pm
 …
 lib/LATMOS/Accounts/Bases/Unix.pm
 lib/LATMOS/Accounts/Bases.pm
+lib/LATMOS/Accounts/BuildNet.pm
 lib/LATMOS/Accounts/Cli.pm
 lib/LATMOS/Accounts/Log.pm
 lib/LATMOS/Accounts/Maintenance.pm
+lib/LATMOS/Accounts/SyncManager.pm
 lib/LATMOS/Accounts/SynchAccess/Objects.pm
 lib/LATMOS/Accounts/SynchAccess/base.pm
 lib/LATMOS/Accounts/SynchAccess.pm
 lib/LATMOS/Accounts/Synchro.pm
+lib/LATMOS/Accounts/Task/Basessynchro.pm
+lib/LATMOS/Accounts/Task/Buildlistes.pm
+lib/LATMOS/Accounts/Task/Buildnet.pm
+lib/LATMOS/Accounts/Task/Dummy.pm
+lib/LATMOS/Accounts/Task/Refreshexpired.pm
+lib/LATMOS/Accounts/Task.pm
 lib/LATMOS/Accounts/Utils.pm
 lib/LATMOS/Accounts.pm
+man/la-allowed-values.ini.5.pod
+man/la-sync-list.ini.5.pod
+man/la-sync-manager.ini.5.pod
+man/latmos-accounts.ini.5.pod
 patchset/no_useless_load.patch
+sample/allowed_values.ini
+sample/latmos-account.ini
+sample/list.cfg
+sample/la-allowed-values.ini
+sample/la-sync-list.ini
+sample/la-sync-manager.ini
+sample/latmos-accounts.ini
+scripts/la-sw-net
+scripts/ochelper
+sqldata/attributes.csv
+sqldata/base.sql
 t/05_utils.t
 t/06_cli.t
 …
 t/21_acls.t
 t/22_accounts_attributes.t
+t/23_ochelper.t
 t/25_la_synchro.t
 t/26_la_synchaccess.t
+t/30_la_task.t
 t/LATMOS-Accounts.t
 templates/mail/account_expire.mail
+templates/mail/account_expired_reminder.mail
 testdata/acls1
 testdata/acls2
 testdata/aliases
 testdata/config
+testdata/configdir/latmos-accounts.ini
 testdata/group
 testdata/gshadow

LATMOS-Accounts/Makefile.PL

-                      r860
+                      r861
 WriteMakefile(
     NAME              => 'LATMOS::Accounts',
     VERSION           => '0.0.25', # finds $VERSION
+    VERSION           => '2.0.5', # finds $VERSION
     PREREQ_PM         => {
         'Net::LDAP' => undef,
 …
         'Unicode::String' => undef,
         'Crypt::Cracklib' => undef,
+        'Net::IP' => undef,
     }, # e.g., Module::Name => 1.1
     ($] >= 5.005 ?     ## Add these new keywords supported since 5.005
 …
         bin/la-delete
         bin/la-edit
+        bin/la-find-expired
         bin/la-group
         bin/la-guser
 …
         bin/la-query
         bin/la-rename
+        bin/la-rename-host
+        bin/la-exchange-ip
         bin/la-rev
         bin/la-search
 …
         bin/la-warn-expire
         bin/la-web-directory
+        bin/la-freeip
+        bin/la-buildnet
+        bin/la-expired-reminder
+        bin/la-sql-regatt
+        bin/la-sql-loadatt
         ) ],
+        macro => {
+            INSTALLMAN5DIR      => '$(PERLPREFIX)/share/man/man5',
+            DESTINSTALLMAN5DIR  => '$(DESTDIR)$(INSTALLMAN5DIR)',
+            INST_MAN5DIR        => 'blib/man5',
+            DESTRPMDIR          => '$(shell pwd)'
+        },
+        MAN1PODS        => {
+            map {
+                my $targ = $_;
+                $targ =~ s{^man/}{};
+                $targ =~ s{^bin/}{};
+                $targ =~ s/\.(\d)\.pod$//;
+                my $section = $1 || 1;
+                ( $_ =>
+                    "\$(INST_MAN${section}DIR)/$targ.$section" );
+            } <man/*.pod>, (grep { ! /~$/ } <bin/*>)
+        },
 );
 …
 sub postamble {
     <<EOF;
 .PHONY .= svnmanifest
+#.PHONY .= svnmanifest
 svnmanifest:
 …
 \t --define "_sourcedir `pwd`" \\
 \t --define "_specdir `pwd`" \\
+\t --define "_srcrpmdir `pwd`" \\
+\t --define "_rpmdir `pwd`" \\
+\t --define "_srcrpmdir \$(DESTRPMDIR)" \\
+\t --define "_rpmdir \$(DESTRPMDIR)" \\
+\t latmos-accounts.spec
+svnrpm: \$(DISTVNAME).tar.gz latmos-accounts.spec
+\tmkdir \$(DESTRPMDIR)/noarch || :
+\trpmbuild -ba --clean\\
+\t --define "_sourcedir `pwd`" \\
+\t --define "_specdir `pwd`" \\
+\t --define "_srcrpmdir \$(DESTRPMDIR)" \\
+\t --define "_rpmdir \$(DESTRPMDIR)" \\
+\t --define "svnrelease `LC_ALL=C svn info | grep '^Revision:' | sed 's/Revision: //'`" \\
 \t latmos-accounts.spec
 EOF
+}
+sub installbin {
+    my $self = shift;
+    my $inherited = $self->SUPER::installbin(@_);
+    my $s = join '|', map quotemeta, @sbin_scripts;
+    # how to create needed directories under blib
+    $inherited .= $self->dir_target("\$(INST_$_)") for qw(MAN5DIR);
+    $inherited;
+}
+sub top_targets {
+    my $inherited = shift->SUPER::top_targets(@_);
+    $inherited =~ s/^config ::/$& \$(INST_MAN5DIR)\$(DIRFILESEP).exists/m;
+    $inherited;
+}
 …
     $section =~ s/(^install ::.*)/$1 install_config install_templates/m;
+    $section =~ s/\$\(INST_BIN\) \$\(DESTINSTALL(\w*)BIN\)/$& \$(INST_MAN5DIR) \$(DESTINSTALLMAN5DIR)/g;
     $section .= q[
 install_config ::
         install -d $(DESTDIR)/etc
+        install sample/latmos-account.ini $(DESTDIR)/etc/latmos-account.ini
+        install -d $(DESTDIR)/etc/latmos-accounts
+        install sample/latmos-accounts.ini $(DESTDIR)/etc/latmos-accounts/latmos-accounts.ini
+        install sample/la-sync-list.ini $(DESTDIR)/etc/latmos-accounts/la-sync-list.ini
+        install sample/la-allowed-values.ini $(DESTDIR)/etc/latmos-accounts/la-allowed-values.ini
+        install sample/la-sync-manager.ini $(DESTDIR)/etc/latmos-accounts/la-sync-manager.ini
 install_templates ::

LATMOS-Accounts/TODO

-                      r282
+                      r861
 $Id$
+Having a way to requires:
+    perl(IO::Socket::SSL) (need by LDAP for SSL)
+    perl(Unicode::Map8) (Need by AD module)
+- fix la-rename when one of base don't support the object type

LATMOS-Accounts/bin/la-attributes

-                      r594
+                      r861
 =head1 OPTIONS
 =item -c|--config configfile
+=over 4
+Use this configuration file instead of thr default one.
+=item -c|--config configdir
+Use this configuration directory instead of thr default one.
 =item -b|--base basename
 Perform query on this base(s) (can be set multiple times).
+=back
 =cut
 …
         };
         foreach($labase->list_canonical_fields($otype, 'a')) {
             $supported{$_}{$basename} = sprintf('%s%s',
                 ($labase->get_field_name($otype, $_, 'r') ? 'r' : ' '),
                 ($labase->get_field_name($otype, $_, 'w') ? 'w' : ' '),
+            my $attr = $labase->attribute($otype, $_);
+            $supported{$_}{$basename} = sprintf('%s',
+                $attr ? ($attr->ro ? 'r ' : 'rw') : '  '
             );
+        }

LATMOS-Accounts/bin/la-cli

-                      r849
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-config

-                      r594
+                      r861
 =head1 OPTIONS
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename
 …
         $otype,
         $base ? $base : $LA->default_base_name;
+        printf(
+            "  %s (%s%s)\n", $_,
+            ($labase->get_field_name($otype, $_, 'r') ? 'r' : ' '),
+            ($labase->get_field_name($otype, $_, 'w') ? 'w' : ' '),
+        ) foreach($labase->list_canonical_fields($otype, 'a'));
+        foreach($labase->list_canonical_fields($otype, 'a')) {
+                my $attr = $labase->attribute($otype, $_);
+            printf(
+                "  %s (%s%s)\n", $_,
+                'r',
+                ($attr->readonly ? 'w' : ' '),
+            )
+        }
     } else {
         my $labase = $base ? $LA->base($base) : $LA->default_base
 …
         printf "Supported object type by base %s\n",
             $base ? $base : $LA->default_base_name;
         print "  $_\n" foreach($labase->list_supported_objects);
+        print "  $_\n" foreach($labase->ordered_objects);
+    }
+}

LATMOS-Accounts/bin/la-create

-                      r672
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-crypt-passwd

-                      r664
+                      r861
 use strict;
 use warnings;
 use LATMOS::Accounts::Maintenance;
+use LATMOS::Accounts;
 use Getopt::Long;
 use Pod::Usage;
 …
     'regen'      => \my $regen,
     'set=s'      => \my $set,
+    'base=s'     => \my $base,
 ) or pod2usage();
 …
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item --genkey
 …
 Stored password will be read and encrypted again using the new key.
+=item --base base
+Work on this specific base instead default one
 =item --set BASE
 …
 =cut
+my $LA = LATMOS::Accounts::Maintenance->new($config);
+$LA->wexported(1);
+my $LA = LATMOS::Accounts->new($config, noacl => 1);
+my $labase = $base ? $LA->base($base) : $LA->default_base;
+$labase && $labase->load or die "Cannot load base";
+$labase->wexported(1);
 my $clear;
 …
 sub get_clear_password {
     $clear and return $clear;
     my %encpasswd = $LA->get_rsa_password;
+    my %encpasswd = $labase->get_rsa_password;
     scalar(keys %encpasswd) or return {};
     ReadMode('noecho');
 …
     ReadMode 0;
     print "\n";
     my $private_key = $LA->private_key($password) or
+    my $private_key = $labase->private_key($password) or
         die "Cannot get private key\n";
     my $rsa = new Crypt::RSA ES => 'PKCS1v15';
 …
 if ($set) {
     if (!$LA->_base->get_global_value('rsa_private_key')) {
+    if (!$labase->get_global_value('rsa_private_key')) {
         warn "No rsa key found in database\n";
+    }
 …
     $destbase->commit;
 } elsif ($regen || $genkey) {
     if ($LA->_base->get_global_value('rsa_private_key') && !$regen) {
+    if ($labase->get_global_value('rsa_private_key') && !$regen) {
         die <<EOF;
 A rsa key were found in database please use --regen to force a new key
 …
     ReadMode 0;
     print "\n";
     my ($public, $private) = $LA->generate_rsa_key($password);
+    my ($public, $private) = $labase->generate_rsa_key($password);
+    $LA->store_rsa_key($public, $private);
+    my $base = $LA->_base;
+    $base->wexported(1);
+    $labase->store_rsa_key($public, $private);
     foreach (keys %$clearpasswd) {
         my $obj = $base->get_object('user', $_);
+        my $obj = $labase->get_object('user', $_);
         $obj->set_password($clearpasswd->{$_});
+    }
     $base->commit;
+    $labase->commit;
 } else {
     if ($LA->_base->get_global_value('rsa_private_key')) {
+    if ($labase->get_global_value('rsa_private_key')) {
         my $clearpasswd = get_clear_password();
         foreach (keys %$clearpasswd) {

LATMOS-Accounts/bin/la-delete

-                      r685
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-edit

-                      r664
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-graph.pl

-                      r457
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead the default one
+Use this configuration directory instead the default one
 =item -b|--base basename
 …
 my $g = GraphViz->new(
     layout => 'neato',
     concentrate => 1,
     overlap => 'compress',
     ratio => 'compress',
+    layout => 'dot',
+    overlap => 'false',
+    rankdir => 1,
+    width => 10, height => 8,
 );
 …
 my %users;
+my %cluster;
+sub add_user {
+    my ($user) = @_;
+    $users{$user} and return;
+    my $ou = $labase->get_object('user', $user) or return;
+    my $dpmt = $ou->get_attributes('department');
+    if ($dpmt) {
+        $cluster{$dpmt} ||= {
+            name => $dpmt,
+        };
+    }
+    $g->add_node($user, ($dpmt ? (cluster => $cluster{$dpmt}) : ()));
+;
+}
+$g->add_node('latmos');
 foreach my $gr ($labase->list_objects('group')) {
     my $o = $labase->get_object('group', $gr);
+    ($o->get_c_field('sutype') || '') =~ /^(dpmt|cell)$/ or next;
+    $g->add_node($gr,fillcolor => 'red', style => 'filled');
+    my $sutype = $o->get_c_field('sutype');
+    ($sutype || '') =~ /^(dpmt|cell)$/ or next;
+    $g->add_node($gr,fillcolor => ($sutype eq 'dpmt' ? 'red' : 'green'), style => 'filled');
+    my $manager = $o->get_attributes('managedBy') || '';
+    warn "MANAGER $manager";
+    if ($manager) {
+        add_user($manager);
+        $g->add_edge('latmos', $gr);
+        $g->add_edge($manager => $gr, weight => 3);
+    }
     foreach ($o->get_attributes('member')) {
+        $users{$_} or do {
+            $users{$_} = 1;
+            $g->add_node($_);
+        };
+        $_ eq $manager and next;
+        add_user($_);
         warn "$_ => $gr";
         $g->add_edge($_ => $gr);
+        $g->add_edge($gr => $_, weight => 1);
+    }
+}

LATMOS-Accounts/bin/la-group

-                      r849
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-guser

-                      r849
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-log-test

-                      r594
+                      r861
     'c|config=s' => \my $config,
     'l|level=s'  => \my $level,
     'list'       => \my $list,
+    'mail=s'     => \my $mail,
     'help'       => sub { pod2usage(0) },
 ) or pod2usage();
 …
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -l|--level level
 …
 Set the log level
+=item --mail email
+Setup log error sent to email at end of execution
 =cut
 $level ||= 'LA_INFO';
+if ($mail) {
+    la_set_log(mail => $mail);
+}
 my $numlevel = eval "LATMOS::Accounts::Log::$level()";

LATMOS-Accounts/bin/la-passwd

-                      r773
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-qacls

-                      r849
+                      r861
 =head1 OPTIONS
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-query

-                      r849
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-rename

-                      r715
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-rev

-                      r837
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename

LATMOS-Accounts/bin/la-search

-                      r849
+                      r861
 =over 4
 =item --config configfile
+=item --config configdir
 Use this configuration file instead default
+Use this configuration directory instead default
 =item --base basename
 …
 $otype ||= 'user';
 my $LA = LATMOS::Accounts->new($config);
+my $LA = LATMOS::Accounts->new($config, noacl => 1);
 my $labase = $base ? $LA->base($base) : $LA->default_base;
 $labase && $labase->load or die "Cannot load base";

LATMOS-Accounts/bin/la-sync

-                      r777
+                      r861
     'to=s'         => \my @to,
     'nocreate'     => \my $nocreate,
+    'nodelete'     => \my $nodelete,
     'test'         => \my $test,
     'o|object=s'   => \my $otype,
     's|syncname=s' => \my $syncname,
+    'b|batch'    => \my $batch,
+    'b|batch'      => \my $batch,
+    'unexp'        => \my $unexp,
 ) or pod2usage();
 =head1 OPTIONS
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item --from basename
 …
 to perform immediate synchronisation.
+=item --unexp
+Sync unexported objects in source base
 =cut
 …
     from => $from,
     to => (@to ? [ @to ] : undef),
-    nocreate => $nocreate,
     test     => $test,
+    unexported => $unexp,
 ) or die "cannot create sync object\n";
 $sync->load_dest and return;
 …
+    }
 } else {
+    $sync->process() or warn "Sync has failed\n";
+    $sync->process(
+        test     => $test,
+        nodelete => $nodelete,
+        nocreate => $nocreate,
+    ) or warn "Sync has failed\n";
+}

LATMOS-Accounts/bin/la-sync-list

-                      r834
+                      r861
 use strict;
 use warnings;
 use LATMOS::Accounts;
+use LATMOS::Accounts::Task;
 use Getopt::Long;
 use Pod::Usage;
-use Config::IniFiles;
 =head1 NAME
 …
 =over 4
 =item --config configfile
+=item --config configdir
 Use this configuration file instead default
+Use this configuration directory instead default
 =item --base basename
 …
 =item --lc cfg
 la-list-sync config file
+la-list-sync config file, defaults to la-sync-list.ini in config directory.
 =back
 …
 ) or pod2usage();
-my $listcfg = Config::IniFiles->new(
-    -file => $listconfig,
-    -default => '_default_',
-) or die "Cannot open list config file\n";
+my $LA = LATMOS::Accounts->new($config);
+my $labase = $base ? $LA->base($base) : $LA->default_base;
+$labase && $labase->load or die "Cannot load base";
+my $task = LATMOS::Accounts::Task->new(
+    'buildlistes',
+    listconfig => $listconfig,
+    base => $base,
+    config => $config,
+);
+my %cache;
+$task->init || die "Can't instanciate\n";
+exit($task->run ? 0 : 1);
-foreach my $list ($listcfg->Sections) {
-    my %content = ();
-    $list eq '_default_' and next;
-    $listcfg->val($list, 'ignore') and next;
-    my $fmt = $listcfg->val($list, 'fmt', '%{mail}');
-    my $otype = $listcfg->val($list, 'objects', 'user');
-    foreach (grep { $_ } $listcfg->val($list, 'addtolist')) {
-        $content{$_} = 1;
+    }
-    my %ids;
-    foreach my $param ($listcfg->Parameters($list)) {
-        $param =~ /^filter/ or next;
-        foreach my $id (sort $labase->search_objects(
-                $listcfg->val($list, 'objects', 'user'),
-                $listcfg->val($list, $param),)) {
-            $ids{$id} = 1;
+        }
+    }
-    foreach my $id (sort keys %ids) {
-        if (!$cache{$otype}{$fmt}{$id}) {
-            my $obj = $labase->get_object(
-                $otype,
-                $id,
-            );
-            $cache{$otype}{$fmt}{$id} = $obj->queryformat($fmt);
+        }
-        $content{ $cache{$otype}{$fmt}{$id} } = 1;
+    }
-    my $cmd = $listcfg->val($list, 'cmd', 'cat');
-    $cmd =~ s/%%/$list/g;
-    if (open(my $handle, '|' . $cmd)) {
-        foreach (keys %content) {
-            print $handle $_ ."\n";
+        }
-        close($handle);
+    }
+}
-exit(0);

LATMOS-Accounts/bin/la-sync-manager

-                      r816
+                      r861
 use Getopt::Long;
 use Pod::Usage;
+use Config::IniFiles;
 use LATMOS::Accounts;
+use LATMOS::Accounts::SyncManager;
 use LATMOS::Accounts::Log;
+use LATMOS::Accounts::Task;
 GetOptions(
 …
     'help'         => sub { pod2usage(0) },
     'test'         => \my $test,
+    's|syncname=s' => \my $syncname,
+    'wait=i'       => \my $wait,
+    'r|run=s'      => \my $run,
 ) or pod2usage();
 my $needsync = 0;
+my $needsync = 2;
 my $pidfile = undef;
+$wait ||= 5; # default in minutes
+my $syncm = LATMOS::Accounts::SyncManager->new($config) or do {
+    la_log LA_ERR, "Cannot instanciate Sync Manager";
+    exit(1);
+};
+if ($run) {
+    my $res = $syncm->process_module($run);
+    exit($res ? 0 : 1);
+}
 la_set_log(
 …
 );
+{
     my $LA = LATMOS::Accounts->new($config, noacl => 1);
     if ($LA->val('_default_', 'state_dir')) {
         $pidfile = $LA->val('_default_', 'state_dir') . '/sync-manager.pid';
+    }
+    if (my $mail = $LA->val('_network_', 'maillog')) {
+            la_set_log(mail => $mail);
+    }
+}
 …
+}
-sub sync {
-    la_log LA_NOTICE, "Starting synchronisation";
-    my $LA = LATMOS::Accounts->new($config, noacl => 1) or do {
-        la_log LA_ERR, "Cannot instantiate LA";
-        return 1;
-    };
-    my $sync = $LA->create_synchro(
-        $syncname || $LA->default_synchro_name,
-        test     => $test,
-    ) or do {
-       la_log LA_ERR, "cannot create sync object";
-       return 2;
-    };
-    $sync->load_dest and do {
-        la_log LA_ERR, "Cannot load destination";
-        return 3;
-    };
-    $sync->process() or do {
-        la_log LA_ERR, "Sync has failed\n";
-        return 4;
-    };
-    la_log LA_NOTICE, "Ending synchronisation";
-    return 0;
+}
 $SIG{INT} = sub {
     unlink($pidfile) if ($pidfile);
 …
 };
+sub process {
+    my ($module, $baserev) = @_;
+    my $pid = fork;
+    if ($pid == 0) {
+        $SIG{INT} = 'DEFAULT';
+        my $res = $syncm->process_module($module, $baserev);
+        exit($res ? 0 : 1);
+    }
+    my $retpid;
+    while(($retpid = waitpid(-1, 0)) <= 0) {}
+    local $SIG{HUP} = 'IGNORE';
+    if ($retpid) {
+        my $res = $? << 8;
+        if ($res) {
+            la_log LA_ERR, "Sync process exit with $res";
+            return;
+        }
+    }
+    return 1;
+}
+my $lasttout;
+my %revs;
 while (1) {
     if ($needsync) {
+        my $levelsync = $needsync;
         $needsync = 0;
+        my $pid = fork;
+        if ($pid == 0) {
+            $SIG{INT} = undef;
+            exit sync();
+        {
+            local $SIG{HUP} = 'IGNORE';
+            $syncm->updrev;
+            # listing module to run in this loop
+            $lasttout = scalar(time) if ($levelsync == 2);
+        }
+        my $retpid;
+        while(($retpid = waitpid(-1, 0)) <= 0) {}
+        if ($retpid) {
+            my $res = $? << 8;
+        foreach my $module ($syncm->list_modules()) {
+            next if ($syncm->ini->val($module, 'lazy') && $levelsync < 2);
+            my $res = process($module, $revs{$module} || 0);
             if ($res) {
+                la_log LA_ERR, "Sync process exit with $res";
+            }
+            next;
+                $revs{$module} = $syncm->dbrev;
+            }
+        }
+    }
     # waiting, to perform next sync
+    sleep(60 * 15);
+    $needsync = 1;
+    sleep(15) unless($needsync);
+    # if it is not time yet:
+    next if($lasttout + ($wait * 60) > scalar(time));
+    $needsync = 2;
+}

LATMOS-Accounts/bin/la-warn-expire

-                      r778
+                      r861
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -m|mail
 …
 =head1 CONFIGURATION
 Some variables are taken from configuration file:
+Some variables are taken from configuration directory:
 =over 4

LATMOS-Accounts/bin/la-web-directory

-                      r849
+                      r861
 =head1 NAME
     la-query - Tools to query base in LATMOS::Accounts system
+    la-web-directory - Generate directory file for website
 =head1 SYNOPSIS
+    la-query [options] [obj_id]
+=item [obj_id] : If present, all set attributes (rw) will be displayed for that obj_id.
+        If none is given, all obj_ids will be printed.
+For the default object_type (user), obj_id = login.
+Example : la-query lambda
+    la-web-directory
 =cut
 …
 =over 4
 =item -c|--config configfile
+=item -c|--config configdir
 Use this configuration file instead of the default one.
+Use this configuration directory instead of the default one.
 =item -b|--base basename
 …
 foreach my $user (sort $labase->search_objects('user',
             @filters ? @filters : 'sn=*')) {
     my $ouser = $labase->get_object('user', $user);
+    my $ouser = $labase->get_object('user', $user) or next;
     $ouser->get_attributes('sn') or next;
     if ($noexpire && (my $expdate = $ouser->get_attributes('expireText'))) {
 …
     my $company = $ouser->get_attributes('company');
     my $contrat = $ouser->get_attributes('contratType');
+    my $contrat = $ouser->get_attributes('contratType') || '';
     if ($company){
         if (($company ne "LATMOS")&&($contrat ne "heberges")) {
 …
     if ($labase->is_supported_object('address')) {
+        @oaddress =
+        @oaddress =
+            sort { $a->get_attributes('isMainAddress') ? 0 : 1 }
             grep { $_ } (
             map { $labase->get_object('address', $_) }
 …
         $department = join(' ', @userdepts);
+    }
+    my $line = join(';', map { $_ || '' } (
+    my @fmtaddr;
+    foreach (0, 1) {
+        if ($oaddress[$_]) {
+            my $city;
+            if (my $site = $oaddress[$_]->get_attributes('site')) {
+                $city = $labase->get_object('site',
+                    $site)->get_attributes('siteNick');
+            }
+            if (!$city) {
+                $city = $oaddress[$_]->get_attributes('l') || '';
+                $city =~s/Paris */PAR/g;
+                $city =~s/Guyancourt */GUY/g;
+                $city =~s/VÃ©lizy-Villacoublay */VEL/g;
+                $city =~s/VerriÃšres le Buisson */VLB/g;
+                $city =~s/St Maur des FossÃ©s */STM/g;
+            }
+            my $office = $oaddress[$_]->get_attributes('physicalDeliveryOfficeName');
+            push(@fmtaddr, join('-', grep { defined($_) } ($city || '', $office)));
+        }
+    }
+    my $line = join('|', map { $_ || '' } (
             $ouser->get_attributes('sn'),
             $ouser->get_attributes('givenName'),
             $department,
+            ($oaddress[0] ? join(' ', map { $_ || '' }
+                    $oaddress[0]->get_attributes('l'), grep { $_ }
+                    $oaddress[0]->get_attributes('physicalDeliveryOfficeName'),
+                ) : ''),
+            ($oaddress[1] ? join(' ', map { $_ || '' } grep { $_ }
+                    $oaddress[1]->get_attributes('l'),
+                    $oaddress[1]->get_attributes('physicalDeliveryOfficeName'),
+                ) : ''),
+            ($oaddress[0] ? $oaddress[0]->get_attributes('telephoneNumber') : ''),
+            ($oaddress[1] ? $oaddress[1]->get_attributes('telephoneNumber') : ''),
+            $fmtaddr[0] || '',
+            $fmtaddr[1] || '',
+            map {
+                my $l = $_ || '';
+                $l =~s/ *([0-9])/$1/g;
+                $l =~s/\(//g;
+                $l =~s/\)//g;
+                $l =~s/\+33//g;
+                $l
+            } (
+                ($oaddress[0] ? $oaddress[0]->get_attributes('telephoneNumber') : ''),
+                ($oaddress[1] ? $oaddress[1]->get_attributes('telephoneNumber') : ''),
+            ),
             $ouser->get_attributes('mail'),
             $ouser->get_attributes('nickname'),
+            $ouser->get_attributes('snNative') || '',
+            $ouser->get_attributes('givenNameNative') || '',
+            $ouser->get_attributes('wWWHomePage') || '',
+            $ouser->get_attributes('halReference') || '',
         ));
+        $line =~s/Paris */PAR-/g;
+        $line =~s/Guyancourt */GUY-/g;
+        $line =~s/VÃ©lizy-Villacoublay */VEL-/g;
+        $line =~s/VerriÃšres le Buisson */VLB-/g;
+        $line =~s/St Maur des FossÃ©s */STM-/g;
+        $line =~s/\+ *33 *1 *//g;
+        $line =~s/:1/:01/g;
     $users{$ouser->get_attributes('sn')}{$ouser->get_attributes('givenName')} = $line;

LATMOS-Accounts/etc/init.d/la-sync-manager

r603	r861
11	11	export LANG
12	12
13		USER=~~apache~~
	13	USER=nobody
14	14	[ -f /etc/sysconfig/latmos-accounts ] && \
15	15	. /etc/sysconfig/latmos-accounts

LATMOS-Accounts/latmos-accounts.spec.in

-                      r841
+                      r861
 %define realname   LATMOS-Accounts
 %define version    @VERSION@
 %define release    %mkrel 1
+%define release    %mkrel %{?svnrelease:0.%{svnrelease}}%{?!svnrelease:1}
 Name:       latmos-accounts
 …
 BuildRequires: perl(Net::DNS)
 BuildRequires: perl(Template)
+BuildRequires: perl(Net::IP)
+BuildRequires: perl(Text::CSV_XS)
+BuildRequires: perl(Heimdal::Kadm5)
 Requires: perl(Mail::Sendmail)
 …
 Requires: perl(DBD::Pg)
 Requires: perl(IO::Socket::SSL)
+Requires: perl-Term-ReadLine-Gnu
 %description
 …
 %config(noreplace) %_sysconfdir/sysconfig/latmos-accounts
 %config(noreplace) %_sysconfdir/cron.d/latmos-accounts
 %attr(0600,root,root) %config(noreplace) %_sysconfdir/latmos-account.ini
+%attr(0600,nobody,nobody) %config(noreplace) %_sysconfdir/latmos-accounts/*
 %_bindir/*
+%{_mandir}/man1/*
 %{_mandir}/man3/*
 %{_mandir}/man1/*
+%{_mandir}/man5/*
 %perl_vendorlib/*
 %_datadir/latmos-accounts

LATMOS-Accounts/lib/LATMOS/Accounts.pm

-                      r684
+                      r861
 =cut
+sub _configdir {
+   my ($self) = @_;
+   ($self || {})->{_configdir} || '/etc/latmos-accounts'
+}
 =head1 FUNCTION
 =head2 new($configfile)
+=head2 new($configdir)
 Instanciate a new LATMOS::Accounts object.
 $configfile if defined is the Config::IniFiles formatted file to use,
 default to F</etc/latmos-account.ini>.
+$configdir if defined is the directory containing files to use,
+default to F</etc/latmos-accounts/>.
 =cut
 …
     my ($class, $config, %options) = @_;
+    $config ||= '/etc/latmos-account.ini';
+    $config ||= _configdir();
+    my $oldconfig ||= '/etc/latmos-account.ini';
+    # If config file not found, fallback to old one
+    my $configfile = -f join('/', $config, 'latmos-accounts.ini')
+        ? join('/', $config, 'latmos-accounts.ini')
+        : '/etc/latmos-account.ini';
     my $self = Config::IniFiles->new(
         -file => $config,
+        -file => $configfile,
         '-default' => '_default_',
+    );
+    if ((!$options{noacl}) && $self->val('_default_', 'acls')) {
+        my $acls = LATMOS::Accounts::Acls->new(
+            $self->val('_default_', 'acls')
+        ) or do {
+            return;
+        };
+        $self->{_acls} = $acls;
+    ) or do {
+        la_log(LA_ERR, 'Can\'t open main config file %s', $configfile);
+        return;
+    };
+    $self->{_configdir} = $config;
+    bless($self, $class);
+    if (!$options{noacl}) {
+        if ($self->val('_default_', 'acls')) {
+            $self->{_acls} = LATMOS::Accounts::Acls->new(
+                $self->val('_default_', 'acls')
+            ) or do {
+                la_log(LA_ERR,
+                    'Cannot load ACL file %s', $self->val('_default_', 'acls')
+                );
+                return;
+            };
+        } elsif (-f (my $aclf = join('/', $self->_configdir, 'la-acls.ini'))) {
+            $self->{_acls} = LATMOS::Accounts::Acls->new($aclf) or do {
+                la_log(LA_ERR, 'Cannot load ACL file %s', $aclf);
+                return;
+            };
+        }
+    }
 …
         $self->{_allowed_values} = Config::IniFiles->new(
             -file => $self->val('_default_', 'allowed_values'),
-            -allowempty => 1,
         ) or do {
+            la_log(LA_ERR, 'Cannot load ALLOWED VALUES %s',
+                $self->val('_default_', 'allowed_values'));
             return;
         };
+    }
+    bless($self, $class)
+    } elsif (-f (my $allowf = join('/', $self->_configdir,
+                'la-allowed-values.ini'))) {
+        $self->{_allowed_values} = Config::IniFiles->new(
+            -file => $allowf,
+        ) or do {
+            la_log(LA_ERR, 'Cannot load ALLOWED VALUES %s', $allowf);
+            return;
+        };
+    }
+    $self
+}
 …
         acls => $self->{_acls},
         allowed_values => $self->{_allowed_values},
+        configdir => $self->_configdir,
     ) or do {
         la_log(LA_WARN, "Cannot instanciate base $section ($type)");

LATMOS-Accounts/lib/LATMOS/Accounts/Bases.pm

-                      r856
+                      r861
+}
+=head2 log($level, $msg, $arg)
+Log a message prefixed by database information
+=cut
 sub log {
     my ($self, $level, $msg, @args) = @_;
 …
+}
+=head2 label
+Return the database label
+=cut
 sub label {
     $_[0]->{_label} || 'NoLabel';
 …
+}
+sub allowed_values {
+    $_[0]->{_allowed_values}
+}
+sub obj_attr_allowed_values {
+    my ($self, $otype, $attr) = @_;
+    if ($self->allowed_values) {
+        return $self->allowed_values->val("$otype.$attr", 'allowed');
+    }
+    return();
+}
+sub check_allowed_values {
+    my ($self, $otype, $attr, $attrvalues) = @_;
+    $self->allowed_values or return 1;
+    my @values = ref $attrvalues ? @{ $attrvalues } : $attrvalues;
+    foreach my $value (@values) {
+        $value or next;
+        if (my @allowed = $self->allowed_values->val("$otype.$attr", 'allowed')) {
+            grep { $value eq $_ } @allowed or do {
+                $self->log(LA_ERR,
+                    "value `%s' is not allow for %s.%s per configuration (allowed_values)",
+                    $value, $otype, $attr
+                );
+                return;
+            };
+        }
+    }
+    return 1;
+}
+sub _load_obj_class {
+    my ($self, $otype) = @_;
+    # finding perl class:
+    my $pclass = ref $self;
+    $pclass .= '::' . ucfirst(lc($otype));
+    eval "require $pclass;";
+    if ($@) {
+        $self->log(LA_DEBUG, 'Cannot load perl class %s', $pclass);
+        return
+    } # error message ?
+    return $pclass;
+}
+=head2 list_canonical_fields($otype, $for)
+Return the list of supported fields by the database for object type $otype.
+Optionnal $for specify the goal for which the list is requested, only supported
+fields will be returns
+=cut
+sub list_canonical_fields {
+    my ($self, $otype, $for) = @_;
+    $for ||= 'rw';
+    my $pclass = $self->_load_obj_class($otype) or return;
+    sort $pclass->_canonical_fields($self, $for);
+}
+sub get_attr_schema {
+    my ($self, $otype, $attribute) = @_;
+    my $pclass = $self->_load_obj_class($otype) or return;
+    if ($pclass->can('_get_attr_schema')) {
+        my $info = $pclass->_get_attr_schema($self, $attribute);
+        return $info if ($info);
+    }
+    if ($self->can('_get_attr_schema')) {
+        my $info = $self->_get_attr_schema($otype, $attribute);
+        return $info if($info);
+    }
+    return {}
+}
+sub attribute {
+    my ($self, $otype, $attribute) = @_;
+    return LATMOS::Accounts::Bases::Attributes->new(
+        $attribute,
+        $self,
+        $otype,
+    );
+}
+sub delayed_fields {
+    my ($self, $otype, $for) = @_;
+    $for ||= 'rw';
+    my $pclass = $self->_load_obj_class($otype) or return;
+    $pclass->_delayed_fields($self, $for);
+}
+=head2 get_field_name($otype, $c_fields, $for)
+Return the internal fields name for $otype object for
+canonical fields $c_fields
+=cut
+sub get_field_name {
+    my ($self, $otype, $c_fields, $for) = @_;
+    $for ||= 'rw';
+    my $pclass = $self->_load_obj_class($otype) or return;
+    $pclass->_get_field_name($c_fields, $self, $for);
+sub options {
+    my ($self, $opt) = @_;
+    return $self->{_options}{$opt};
+}
 …
+}
+sub ordered_objects {
+    my ($self) = @_;
+    my %deps;
+    my %maxdeps;
+    my @objs = sort { $b cmp $a } $self->list_supported_objects;
+    foreach my $obj (@objs) {
+        foreach my $at ($self->list_canonical_fields($obj)) {
+            my $attr = $self->attribute($obj, $at);
+            $attr->ro and next;
+            $attr->{delayed} and next;
+            if (my $res = $attr->reference) {
+                $deps{$obj}{$res} ||= 1;
+                if ($attr->mandatory) {
+                    $deps{$obj}{$res} = 2;
+                    $maxdeps{$res} = 1;
+                }
+            }
+        }
+    }
+    sort {
+        if (keys %{$deps{$a} || {}}) {
+            if (keys %{$deps{$b} || {}}) {
+                return (
+                    ($deps{$a}{$b} || 0) > ($deps{$b}{$a} || 0) ?  1 :
+                    ($deps{$b}{$a} || 0) > ($deps{$a}{$b} || 0) ? -1 :
+                    ($maxdeps{$b} || 0) - ($maxdeps{$a} || 0)
+                );
+            } else {
+                return 1;
+            }
+        } elsif (keys %{$deps{$b} || {}}) {
+            return -1;
+        } else {
+            return  ($maxdeps{$b} || 0) - ($maxdeps{$a} || 0)
+        }
+    } @objs;
+}
+sub _load_obj_class {
+    my ($self, $otype) = @_;
+    # finding perl class:
+    my $pclass = ref $self;
+    $pclass .= '::' . ucfirst(lc($otype));
+    eval "require $pclass;";
+    if ($@) {
+        $self->log(LA_DEBUG, 'Cannot load perl class %s', $pclass);
+        return
+    } # error message ?
+    return $pclass;
+}
 =head2 is_supported_object($otype)
 …
 sub create_object {
     my ($self, $otype, $id, %data) = @_;
+    "$id" or do {
+        $self->log(LA_ERR, "Cannot create %s object with empty id",
+            $otype);
+        return;
+    };
     my $pclass = $self->_load_obj_class($otype);
     if ($pclass->_create($self, $id, %data)) {
 …
         return;
     };
+    if (my $chk = (lc($otype) eq 'user' || lc($otype) eq 'group')
+    $self->_create_c_object($otype, $id, %cdata);
+}
+sub _create_c_object {
+    my ($self, $otype, $id, %cdata) = @_;
+    if (my $chk = (
+        lc($otype) eq 'user' || lc($otype) eq 'group')
         ? LATMOS::Accounts::Utils::check_ug_validity($id)
         : LATMOS::Accounts::Utils::check_oid_validity($id)) {
 …
         };
+    }
-    $self->_create_c_object($otype, $id, %cdata);
+}
-sub _create_c_object {
-    my ($self, $otype, $id, %cdata) = @_;
     # populating default value
 …
                 to_ascii(lc($cdata{sn})),)
             : undef;
+        $mailid =~ s/\s*//g if($mailid);
         if ($mailid &&
             $self->is_supported_object('aliases') &&
             ! $self->get_object('aliases', $mailid)) {
             if ($self->get_field_name($otype, 'mail', 'write')) {
                 if ($self->{defattr}{'user.maildomain'}) {
+            if (my $attr = $self->attribute($otype, 'mail')) {
+                if ((!$attr->ro) && $self->{defattr}{'user.maildomain'}) {
                     $cdata{mail} ||= sprintf('%s@%s',
                     $mailid,
 …
+                }
+            }
             if ($self->get_field_name($otype, 'aliases', 'write')) {
                 $cdata{aliases} ||= $mailid;
+            if (my $attr = $self->attribute($otype, 'aliases')) {
+                $cdata{aliases} ||= $mailid unless ($attr->ro);
+            }
             if ($self->get_field_name($otype, 'revaliases', 'write')) {
                 $cdata{revaliases} ||= $mailid;
+            if (my $attr = $self->attribute($otype, 'revaliases')) {
+                $cdata{revaliases} ||= $mailid unless ($attr->ro);
+            }
+        }
 …
     my %data;
     foreach my $cfield (keys %cdata) {
+        my $field = $self->get_field_name($otype, $cfield, 'write') or next;
+        $data{$field} = $cdata{$cfield};
+    }
+    keys %data or return 0; # TODO: return an error ?
+        my $attribute = $self->attribute($otype, $cfield) or next;
+        $attribute->ro and next;
+        $data{$attribute->iname} = $cdata{$cfield};
+    }
+    #keys %data or return 0; # TODO: return an error ?
     $self->create_object($otype, $id, %data);
+}
+sub _allowed_values {
+    $_[0]->{_allowed_values}
+}
+sub obj_attr_allowed_values {
+    my ($self, $otype, $attr) = @_;
+    if ($self->_allowed_values &&
+        $self->_allowed_values->SectionExists("$otype.$attr")) {
+        return grep { defined($_) } $self->_allowed_values->val("$otype.$attr", 'allowed');
+    }
+    return();
+}
+sub check_allowed_values {
+    my ($self, $otype, $attr, $attrvalues) = @_;
+    $self->_allowed_values or return 1;
+    my @values = ref $attrvalues ? @{ $attrvalues } : $attrvalues;
+    foreach my $value (@values) {
+        $value or next;
+        if (my @allowed = $self->obj_attr_allowed_values($otype, $attr)) {
+            grep { $value eq $_ } @allowed or do {
+                $self->log(LA_ERR,
+                    "value `%s' is not allow for %s.%s per configuration (allowed_values)",
+                    $value, $otype, $attr
+                );
+                return;
+            };
+        }
+    }
+    return 1;
+}
+=head2 list_canonical_fields($otype, $for)
+Return the list of supported fields by the database for object type $otype.
+Optionnal $for specify the goal for which the list is requested, only supported
+fields will be returns
+=cut
+sub list_canonical_fields {
+    my ($self, $otype, $for) = @_;
+    $for ||= 'rw';
+    my $pclass = $self->_load_obj_class($otype) or return;
+    sort $pclass->_canonical_fields($self, $for);
+}
+sub _get_attr_schema {
+    my ($self, $otype) = @_;
+    my $pclass = $self->_load_obj_class($otype) or return;
+    return $pclass->_get_attr_schema($self);
+}
+sub get_attr_schema {
+    my ($self, $otype, $attribute) = @_;
+    my $info = $self->_get_attr_schema($otype);
+    if ($info->{$attribute}) {
+        return $info->{$attribute};
+    } else {
+        return;
+    }
+}
+sub attribute {
+    my ($self, $otype, $attribute) = @_;
+    return LATMOS::Accounts::Bases::Attributes->new(
+        $attribute,
+        $self,
+        $otype,
+    );
+}
+sub delayed_fields {
+    my ($self, $otype, $for) = @_;
+    $self->log(LA_WARN, "calling DEPRECATED delayed_fields " . join(',',
+            caller));
+    $for ||= 'rw';
+    my @attrs;
+    foreach ($self->list_canonical_fields($otype, $for)) {
+        my $attr = $self->attribute($otype, $_) or next;
+        $for =~ /w/ && $attr->ro and next;
+        $attr->delayed or next;
+        push(@attrs, $_);
+    }
+    @attrs
+}
+sub ochelper {
+    my ($self, $otype) = @_;
+    my $pclass = ucfirst(lc($otype));
+    foreach my $class (
+        ref($self) . '::OCHelper::' . $pclass,
+        ref($self) . '::OCHelper',
+        "LATMOS::Accounts::Bases::OCHelper::$pclass",
+        'LATMOS::Accounts::Bases::OCHelper' ) {
+        eval "require $class;";
+        if ($@) { next } # error message ?
+        my $ochelper = "$class"->new($self, $otype);
+        return $ochelper;
+    }
+    return;
+}
 …
+        }
+    }
+    $self->postcommit();
     return 1;
+}
+sub postcommit {
+    my ($self) = @_;
+    if ($self->{_options}{postcommit}) {
+        exec_command($self->{_options}{postcommit},
+            {
+                BASE => $self->label,
+                BASETYPE => $self->type,
+                HOOK_TYPE => 'POST',
+                CONFIG => $self->{_options}{configdir},
+            }
+        );
+    } else {
+        return 1;
+    }
+}
 …
         : $self->list_canonical_fields($srcobj->type, 'w');
     my %data;
-    my %delayed = map { $_ => 1 } $self->delayed_fields($srcobj->type);
     foreach (@fields) {
+        $srcobj->get_field_name($_, 'r') or next;
+        # check attribute exists in source:
+        my $attr = $srcobj->attribute($_) or next;
         if (! $options{onepass}) {
             if ($options{firstpass}) {
                 $delayed{$_} and next;
+                $attr->delayed and next;
             } else {
                 $delayed{$_} or next;
+                $attr->delayed or next;
+            }
+        }
         $data{$_} = $srcobj->_get_c_field($_);
+    }
-    keys %data or return '';
     if (my $dstobj = $self->get_object($srcobj->type, $srcobj->id)) {
+        keys %data or return 'SYNCED';
+        foreach (keys %data) {
+            if (!$dstobj->attribute($_) ||
+                $dstobj->attribute($_)->ro) {
+                delete($data{$_});
+            }
+        }
         my $res = $dstobj->_set_c_fields(%data);
         if (defined $res) {
 …
     };
     if ($self->get_field_name('user', 'exported', 'r')) {
+    if ($self->attribute('user', 'exported')) {
         if (!$uobj->_get_c_field('exported')) {
             la_log(LA_ERR, "User $username found but currently unexported");
 …
+    }
+    if (my $expire = $uobj->_get_c_field('shadowExpire')) {
+        if ($expire > 0 && $expire < int(time / ( 3600 * 24 ))) {
+            la_log(LA_ERR, "Account $username has expired (%d / %d)",
+                $expire, int(time / ( 3600 * 24 )));
+            return;
+        }
+    if ($uobj->_get_c_field('expired')) {
+        la_log(LA_ERR, "Account $username has expired (%s)",
+            $uobj->_get_c_field('expired'));
+        return;
+    }

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ad/Group.pm

-                      r821
+                      r861
 sub _my_ldap_classes { qw(top group) }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberUID member managedBy);
+}
+sub _canonical_fields {
+    my ($self, $base, $mode) = @_;
+    (
+        qw(gidNumber description member memberUID sAMAccountName managedBy),
+        ($mode !~ /w/
+            ? qw(cn dn objectClass)
+            : ()
+        )
+    )
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        gidNumber  => { uniq => 1, },
+        description => { },
+        member => {
+            delayed => 1,
+            can_values => sub { $base->list_objects('user') },
+        },
+        memberUID => { delayed => 1, },
+        sAMAccountName => { },
+        managedBy => {
+            delayed => 1,
+            can_values => sub { $base->list_objects('user') },
+        },
+        cn => { ro => 1, },
+        dn => { ro => 1, },
+        objectClass => { ro => 1, },
+        msSFU30NisDomain => { },
+        msSFU30Name => { },
+    }
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ad/User.pm

-                      r810
+                      r861
 sub _my_ldap_classes { qw(top person organizationalPerson user) }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberOf manager);
+}
+sub _canonical_fields {
+    my ($self, $base, $mode) = @_;
+    (
+        qw(
+        sn name givenName
+        sAMAccountName uid gecos
+        homeDirectory loginShell
+        uidNumber gidNumber
+        shadowLastChange shadowMin shadowMax
+        shadowWarning shadowInactive shadowExpire
+        shadowFlag
+        description
+        mail
+        telephoneNumber
+        ipPhone otherTelephone department
+        title mobile homePhone
+        accountExpires
+        streetAddress postalCode postOfficeBox l
+        physicalDeliveryOfficeName
+        company st
+        displayName
+        initials
+        manager
+        userAccountControl
+        locked
+        memberOf
+        winhomeDirectory
+        facsimileTelephoneNumber
+        ),
+        ($mode !~ /w/
+            ? qw(cn dn uSNCreated uSNChanged directReports objectClass)
+            : ()
+        )
+    )
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        sn => { },
+        name => { },
+        givenName => { },
+        sAMAccountName => { },
+        uid => { uniq => 1, },
+        gecos => { },
+        homeDirectory => { },
+        loginShell => { },
+        uidNumber => { uniq => 1, },
+        gidNumber => {
+            mandatory => 1,
+            can_values => sub {
+                map { $base->get_object('group',
+                        $_)->get_attributes('gidNumber') }
+                $base->list_objects('group')
+            },
+            display => sub {
+                my ($self, $val) = @_;
+                my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
+                    or return;
+                return $gr;
+            },
+            reference => 'group',
+        },
+        shadowLastChange => { },
+        shadowMin => { },
+        shadowMax => { },
+        shadowWarning => { },
+        shadowInactive => { },
+        shadowExpire => { },
+        shadowFlag => { },
+        description => { },
+        mail => { },
+        telephoneNumber => { },
+        ipPhone => { },
+        otherTelephone => { },
+        department => { },
+        title => { },
+        mobile => { },
+        homePhone => { },
+        accountExpires => { },
+        streetAddress => { },
+        postalCode => { },
+        postOfficeBox => { },
+        l => { },
+        physicalDeliveryOfficeName => { },
+        company => { },
+        st => { },
+        displayName => { },
+        initials => { },
+        manager => {
+            delayed => 1,
+            can_values => sub { $base->list_objects('user') },
+        },
+        userAccountControl => { },
+        locked => { },
+        memberOf => { delayed => 1, },
+        winhomeDirectory => { },
+        facsimileTelephoneNumber => { },
+        cn => { ro => 1, },
+        dn => { ro => 1, },
+        uSNCreated => { ro => 1, },
+        uSNChanged => { ro => 1, },
+        directReports => { ro => 1, },
+        objectClass => { ro => 1, },
+        msSFU30NisDomain => { },
+        msSFU30Name => { },
+        labeledURI => {},
+        wWWHomePage => {},
+    }
+}
 …
         };
         /^manager$/ && $value and do {
+            my $user = $base->get_object('user', $value) or next;
+            my $user = $base->get_object('user', $value) or do {
+                $value = undef;
+                next;
+            };
             $value = $user->get_field('dn');
             next;
         };
         /^locked$/ and do {
             my $uac = $entry->get_value('userAccountControl');
+            my $uac = $entry->get_value('userAccountControl') || 0;
             if ($value) {
                 $uac |= 0x00000002;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Attributes.pm

-                      r857
+                      r861
         : (undef, $base_or_object, $maybe_otype);
     my $attr_info = $base->get_attr_schema($otype, $attributes);
+    my $attr_info = $base->get_attr_schema($otype, $attributes) or return;
     $attr_info->{_base} = $base;
 …
 sub name  { $_[0]->{_name}  }
 sub otype { $_[0]->{_otype} }
+sub mandatory { $_[0]->{mandatory} || 0 }
+sub object { $_[0]->{_object} }
+=head2 reference
+A object type this attribute refer to
+=cut
+sub reference {
+    my ($self) = @_;
+    if ($self->{reference} &&
+        $self->base->is_supported_object($self->{reference})) {
+        return $self->{reference};
+    } else {
+        return;
+    }
+}
 =head2
 …
 sub label { $_[0]->{label} || $_[0]->{_name} }
+sub has_values_list {
+    my ($self) = @_;
+    if ($self->base->obj_attr_allowed_values(
+        $self->otype,
+        $self->name) ||
+        $self->{can_values} ||
+        $self->reference) {
+        return 1;
+    } else {
+        return 0;
+    }
+}
 sub can_values {
     my ($self) = @_;
 …
             return @{$self->{can_values}};
         } elsif (ref $self->{can_values} eq 'CODE') {
             $self->{can_values}->($self);
+            $self->{can_values}->($self, $self->object);
         } else {
             return;
+        }
+    } elsif (my $ref = $self->reference) {
+        return $self->base->list_objects($ref);
     } else { return }
+}
+sub ro { $_[0]->{ro} || 0 }
+sub display {
+    my ($self, $value) = @_;
+    if ($self->{display}) {
+        return $self->{display}->($self, $value);
+    } else {
+        return $value;
+    }
+}
+sub input {
+    my ($self, $value) = @_;
+    if ($self->{input}) {
+        return $self->{input}->($value);
+    } else {
+        return $value;
+    }
+}
+sub ro {
+    my ($self) = @_;
+    if (ref $self->{ro} eq 'CODE') {
+        return $self->{ro}->($self->object) || 0;
+    } else {
+        return $_[0]->{ro} || 0
+    }
+}
 sub readonly {
 …
     return 1 if ($self->ro);
+    return ! $self->base->check_acl($self->object
+        ? ($self->object, $self->name, 'w')
+        : ($self->otype, '@CREATE', 'w'));
+    return ! $self->check_acl('w');
+}
+sub check_acl {
+    my ($self, $mode) = @_;
+    return $self->base->check_acl($self->object
+        ? ($self->object, $self->name, $mode)
+        : ($self->otype, '@CREATE', $mode));
+}
 =head2 form_type
+Return the way the fields must be show in GUI:
+Return the way the fields must be show in GUI.
+For each type option maybe given by from_option
+=head3 LABEL
 =over 4
 =item LABEL
+=item length
+=item TEXT
+The length to use to show the attribute
 =item DATE
+=back
 =item LIST
+=head3 TEXT
+=item CHECKBOX
+=head3 TEXTAREA
+=head3 DATE
+=head3 LIST
+=head3 CHECKBOX
+=over 4
+=item rawvalue
+The real value of the attribute must be show
 =back
 …
 =cut
+sub form_type { $_[0]->ro ? 'LABEL' : ($_[0]->{formtype} || 'TEXT') }
+sub real_form_type { $_[0]->{formtype} || 'TEXT' }
+sub form_type {
+    $_[0]->readonly ? 'LABEL' :
+    $_[0]->{formtype} ? $_[0]->{formtype} :
+    $_[0]->has_values_list ? 'LIST' :
+    $_[0]->real_form_type
+}
+sub form_option {
+    my ($self, $option) = @_;
+    return $self->{formopts}{$option}
+}
 sub uniq { $_[0]->{uniq} || 0 }
 …
 sub multiple { $_[0]->{multiple} || 0 }
+sub hidden { $_[0]->{hide} || 0 }
+sub delayed { $_[0]->{delayed} || 0 }
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Dummy/User.pm

-                      r679
+                      r861
 our $VERSION = (q$Rev$ =~ /^Rev: (\d+) /)[0];
+my %fields_map = (
+    username => 'username',
+    homeDirectory => 'home',
+);
+sub _get_attr_schema {
+    {
+        username => {},
+        homeDirectory => { iname => 'home' },
+    }
+}
+sub list {
+    return ();
+}
 sub new {
 …
+}
-sub _canonical_fields {
-    my ($self) = @_;
-    return keys %fields_map;
+}
-sub _get_field_name {
-    my ($self, $field) = @_;
-    return $fields_map{$field};
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/Group.pm

-                      r766
+                      r861
 sub _my_ldap_classes { qw(top posixGroup) }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberUID);
+}
+sub _canonical_fields {
+    my ($self, $base, $mode) = @_;
+    (
+        qw(gidNumber description memberUID),
+        ($mode !~ /w/
+            ? qw(cn dn objectClass)
+            : ()
+        )
+    )
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    $class->SUPER::_get_attr_schema($base,
+    {
+        gidNumber => { uniq => 1, },
+        description => { },
+        memberUID => { multiple => 1, delayed => 1, },
+        cn => { ro => 1 },
+        dn => { ro => 1 },
+        objectClass => { ro => 1 },
+    }
+    );
+}
 …
     $entry->replace(objectClass => [ $class->_my_ldap_classes ],);
     my %delayed;
+    $data{cn} = $id;
     foreach (keys %data) {
         /^(memberUID)$/ and do {

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/Onlyaddress.pm

-                      r678
+                      r861
 ) }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw();
+}
+sub _canonical_fields {
+    my ($self, $base, $mode) = @_;
+    (
+        qw(displayName givenName
+        initials mail sn
+        mobile o uid facsimileTelephoneNumber), # inetOrgPerson
+        qw(street postOfficeBox postalCode postalAddress streetAddress
+        physicalDeliveryOfficeName ou st l telephoneNumber), # organizationalPerson
+        ($mode
+            !~ /w/
+              ? qw(cn dn objectClass)
+              : ()
+        )
+    )
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        # inetOrgPerson
+        displayName => {},
+        givenName => {},
+        initials => {},
+        mail => {},
+        sn => {},
+        mobile => {},
+        o => {},
+        uid => {},
+        facsimileTelephoneNumber => {},
+        # organizationalPerson
+        street => {},
+        postOfficeBox => {},
+        postalCode => {},
+        postalAddress => {},
+        streetAddress => {},
+        physicalDeliveryOfficeName => {},
+        ou => {},
+        st => {},
+        l => {},
+        telephoneNumber => {},
+        cn => { ro => 1 },
+        dn => { ro => 1 },
+        objectClass => { ro => 1 },
+    }
+}
 …
         [ $class->_my_ldap_classes ],);
     $data{sn} ||= $id; # sn is mandatory
+    $data{cn} = $id;
     foreach (keys %data) {
         $class->_populate_entry($entry,

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/User.pm

-                      r767
+                      r861
 ) }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberOf manager);
+}
+sub _canonical_fields {
+    my ($self, $base, $mode) = @_;
+    (
+        qw(displayName givenName homePhone homePostalAddress
+        initials mail sn
+        mobile o uid manager facsimileTelephoneNumber), # inetOrgPerson
+        qw(uidNumber gidNumber homeDirectory
+        userPassword loginShell
+        gecos description), # posixAccount
+        qw(shadowLastChange
+        shadowMin shadowMax
+        shadowWarning
+        shadowInactive
+        shadowExpire
+        shadowFlag), # shadowAccount
+        qw(street postOfficeBox postalCode postalAddress streetAddress
+        physicalDeliveryOfficeName ou st l telephoneNumber), # organizationalPerson
+        ('memberOf'),
+        ($mode
+            !~ /w/
+              ? qw(cn dn objectClass)
+              : ()
+        )
+    )
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    $class->SUPER::_get_attr_schema($base,
+    {
+        displayName => { },
+        givenName => { },
+        homePhone => { },
+        homePostalAddress => { },
+        initials => { },
+        mail => { },
+        sn => { },
+        mobile => { },
+        o => { },
+        uid => { },
+        manager => {
+            delayed => 1,
+            can_values => sub { $base->list_objects('user') },
+        },
+        facsimileTelephoneNumber => { },
+        uidNumber => { uniq => 1, },
+        gidNumber => {
+            reference => 'group',
+            mandatory => 1,
+            can_values => sub {
+                map { $base->get_object('group',
+                        $_)->get_attributes('gidNumber') }
+                $base->list_objects('group')
+            },
+            display => sub {
+                my ($self, $val) = @_;
+                my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
+                    or return;
+                return $gr;
+            },
+        },
+        homeDirectory => { },
+        userPassword => { },
+        loginShell => { },
+        gecos => { },
+        description => { },
+        shadowLastChange => { },
+        shadowMin => { },
+        shadowMax => { },
+        shadowWarning => { },
+        shadowInactive => { },
+        shadowExpire => { },
+        shadowFlag => { },
+        street => { },
+        postOfficeBox => { },
+        postalCode => { },
+        postalAddress => { },
+        streetAddress => { },
+        physicalDeliveryOfficeName => { },
+        ou => { },
+        st => { },
+        l => { },
+        telephoneNumber => { },
+        memberOf => { delayed => 1, },
+        cn => { ro => 1, },
+        dn => { ro => 1, },
+        objectClass => { ro => 1, },
+        pwdAccountLockedTime => {},
+        pwdPolicySubentry => {},
+        pwdChangedTime => { ro => 1 },
+        labeledURI => {},
+    }
+    );
+}
 …
     $entry->replace(objectClass =>
         [ $class->_my_ldap_classes ],);
+    $data{cn} = $id;
     $data{sn} ||= $id; # sn is mandatory
     $data{homeDirectory} ||= '/dev/null'; # homeDirectory is mandatory
 …
     $field eq 'manager' and do {
         my $dn = $self->SUPER::get_field($field) or return;
+        return $self->base->_get_object_from_dn($dn)->get_value('cn');
+        my $manager = $self->base->_get_object_from_dn($dn) or return;
+        return $manager->get_value('cn');
     };
     $self->SUPER::get_field($field);
 …
         };
         /^manager$/ && $val and do {
+            my $user = $base->get_object('user', $val) or
+            next;
+            my $user = $base->get_object('user', $val) or do {
+                $val = undef;
+                next;
+            };
             $val = $user->get_field('dn');
             next;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ldap/objects.pm

-                      r715
+                      r861
 =cut
+sub _get_attr_schema {
+    my ($class, $base, $info) = @_;
+    $info ||= {};
+    foreach (qw(
+            createTimestamp
+            creatorsName
+            entryUUID
+            modifiersName
+            modifyTimestamp
+            entryCSN
+            )) {
+        $info->{$_} = { ro => 1 };
+    }
+    return $info;
+}
 sub list {
 …
+}
-sub _get_field_name {
-    my ($self, $field, $base, $for) = @_;
-    my %fields = map { $_ => 1 } $self->_canonical_fields($base, $for);
-    return $fields{$field} ? $field : undef;
+}
 sub new {
     my ($class, $base, $uid) = @_;
 …
         ),
         base => $base->object_base_dn($class->type),
+        attrs => [ $class->_canonical_fields($base, 'r') ],
     );
 …
 sub _populate_entry {
     my ($self, $entry, $field, $value, $base) = @_;
     my $val = $entry->get_value($field);
+    my $val = ref $self ? $self->get_field($field) : undef;
     my $tr =  join(', ', map { $_ || '' } ($field, $val, $value));
     if ($value) {
 …
+    }
     foreach (keys %fields) {
+        $self->get_field_name($_, 'w') or next;
+        my $attr = $self->attribute($_) or do {
+            $self->base->log(LA_ERR, "Unknow attribute %s (%s)",
+                $_, $self->type);
+            return;
+        };
+        $attr->ro and next;
         $self->_populate_entry($self->{entry}, $_, $fields{$_});
+    }

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Mail.pm

-                      r817
+                      r861
     my $base = {
+        file => {
+            aliases => $options{aliases} || '/etc/aliases',
+            revaliases => $options{revaliases} || '/etc/revaliases',
+        },
+        file => {},
         aliases => {},
         revaliases => {},
     };
+    foreach (qw(aliases revaliases)) {
+        if ($options{$_}) {
+            $base->{file}{$_} = $options{$_};
+        } elsif ($options{directory}) {
+            $base->{file}{$_} = $options{directory} . '/' . $_;
+        } else {
+            $base->{file}{$_} = "/etc/$_";
+        }
+    }
     bless($base, $class);

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Mail/Aliases.pm

-                      r812
+                      r861
+}
+sub _canonical_fields {
+    my ($self, $for) = @_;
+    return (qw(forward));
+}
+sub _get_field_name {
+    my ($self, $c_field, $base, $for) = @_;
+    for ($c_field) {
+        /^forward$/ and last;
+        return;
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        forward => {},
+    }
-    return $c_field;
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Mail/Revaliases.pm

-                      r351
+                      r861
+}
+sub _canonical_fields {
+    my ($self, $for) = @_;
+    return (qw(as));
+}
+sub _get_field_name {
+    my ($self, $c_field, $base, $for) = @_;
+    for ($c_field) {
+        /^as$/ and last;
+        return;
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        as => {},
+    }
-    return $c_field;
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Mail/objects.pm

r305	r861
9	9	our $VERSION = (q$Rev: 641 $ =~ /^Rev: (\d+) /)[0];
10	10
11		~~#sub list_canonical_fields {~~
12		~~# my ($self, $for) = @_;~~
13		#}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Objects.pm

-                      r852
+                      r861
 sub list_canonical_fields {
     my ($self, $for) = @_;
+    $self->base->list_canonical_fields($self->type, $for);
+    $for ||= 'rw';
+    $self->_canonical_fields($for);
+}
 …
+}
+=head2 get_field_name($field, $for)
+Object shortcut to get the field name supported by the object.
+=cut
+sub get_field_name {
+    my ($self, $field, $for) = @_;
+    $self->base->get_field_name($self->type, $field, $for);
+}
+=head2 _canonical_fields
+Must return the list of field supported by the object.
+Notice this query will always come from the upstream data base,
+this function is just a facility to store data in the module, but the
+underling database can reply themself.
+Is call if underling base doesn't override list_canonical_fields()
+See list_canonical_fields().
+    sub _canonical_fields {
+        my ($self) = @_;
+    }
+=cut
+sub _delayed_fields {
+    my ($self)= @_;
+    return ();
+}
+=head2 _get_fields_name($field, $for)
+Return the fields name for canonical field $field.
+$for, if set, is a string containing 'r' for read, 'w' for write,
+depending usage context.
+    sub _get_field_name {
+        my ($self, $field, $for) = @_;
+    }
+=cut
+sub _canonical_fields {
+    my ($class, $base, $for) = @_;
+    $for ||= 'rw';
+    my $info = $base->_get_attr_schema($class->type);
+    my @attrs = map { $base->attribute($class->type, $_) } keys %{$info || {}};
+    @attrs = grep { ! $_->ro } @attrs if($for =~ /w/);
+    map { $_->name } grep { !$_->hidden }  @attrs;
+}
 =head2 get_field($field)
 …
 Return the value for canonical field $cfield.
 Call driver specific get_field_name() and get_field()
+Call driver specific get_field()
 =cut
 …
+}
+sub get_state {
+    my ($self, $state) = @_;
+    # hum...
+    if (defined(my $res = $self->_get_state($state))) {
+        return $res;
+    }
+    for ($state) {
+    }
+    return;
+}
+sub _get_state {
+    my ($self, $state) = @_;
+    return;
+}
 sub _get_c_field {
     my ($self, $cfield) = @_;
     my $return;
     my $field = $self->base->get_field_name($self->type, $cfield, 'r') or do {
+    my $attribute = $self->attribute($cfield) or do {
         $self->base->log(LA_WARN, "Unknow attribute $cfield");
         return;
     };
     $return = $self->get_field($field);
+    $return = $self->get_field($attribute->iname);
+}
 …
     my %data;
     foreach my $cfield (keys %cdata) {
         my $field = $self->base->get_field_name($self->type, $cfield, 'w') or do {
+        my $attribute = $self->attribute($cfield) or do {
             $self->base->log(LA_ERR,
                 "Cannot set unsupported attribute %s to %s (%s)",
 …
             return;
         };
+        $data{$field} = $cdata{$cfield};
+        $attribute->ro and do {
+            $self->base->log(LA_ERR,
+                "Cannot set read-only attribute %s to %s (%s)",
+                $cfield, $self->id, $self->type
+            );
+            return;
+        };
+        $attribute->mandatory &&
+            (!(defined($cdata{$cfield})) || $cdata{$cfield} eq '') and do {
+            $self->base->log(LA_ERR,
+                "%s attribute cannot be empty, ignoring for object %s/%s",
+                $cfield,
+                $self->type,
+                $self->id,
+            );
+            return 0;
+        };
+        if (ref $cdata{$cfield}) {
+            $data{$attribute->iname} = []; # ensure hash entry exists
+            foreach (@{$cdata{$cfield}}) {
+                push(@{$data{$attribute->iname}}, defined($_)
+                    ? $attribute->input($_)
+                    : undef
+                );
+            }
+        } else {
+            $data{$attribute->iname} = defined($cdata{$cfield})
+                ? $attribute->input($cdata{$cfield})
+                : undef;
+        }
+    }
     keys %data or return 0; # TODO: return an error ?
 …
 sub _set_password {
     my ($self, $clear_pass) = @_;
     if (my $field = $self->base->get_field_name($self->type, 'userPassword')) {
+    if (my $attribute = $self->base->attribute($self->type, 'userPassword')) {
         my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
         my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
+        my $res = $self->set_fields($field, crypt($clear_pass, '$1$' . $salt));
+        $self->base->log(LA_NOTICE, 'Mot de passe changÃ© pour %s', $self->id);
+        my $res = $self->set_fields($attribute->iname, crypt($clear_pass, '$1$' . $salt));
+        $self->base->log(LA_NOTICE, 'Mot de passe changÃ© pour %s', $self->id)
+            if($res);
         return $res;
     } else {
 …
         my $match = 1;
         foreach my $field (keys %parsed_filter) {
             $base->get_field_name($class->type, $field, 'r') or die
             "Unsupported attribute $field\n";
+            $base->attribute($class->type, $field) or
+                la_log LA_WARN "Unsupported attribute $field";
             my $tmatch = 0;
             foreach (@{$parsed_filter{$field}}) {
 …
 sub find_next_numeric_id {
     my ($class, $base, $field, $min, $max) = @_;
     $base->get_field_name($class->type, $field) or return;
+    $base->attribute($class->type, $field) or return;
     $min ||=
         $field eq 'uidNumber' ? 500 :
 …
     foreach my $attr (sort { $a cmp $b } $base->list_canonical_fields($otype,
         $options->{only_rw} ? 'rw' : 'r')) {
         my $wok = $base->get_field_name($otype, $attr, 'w');
+        my $oattr = $base->attribute($otype, $attr);
         if (ref $self) {
             my $val = $self->get_c_field($attr);
             if ($val || $options->{empty_attr}) {
                 if (my @allowed = $base->obj_attr_allowed_values($otype, $attr)) {
                     $dump .= sprintf("# %s must be empty or either: %s\n",
+                    $dump .= sprintf("# %s must be%s: %s\n",
                         $attr,
+                        ($oattr->mandatory ? '' : ' empty or either'),
                         join(', ', @allowed)
                     );
 …
                     s/\r?\n/\\n/g;
                     $dump .= sprintf("%s%s:%s\n",
                         $wok ? '' : '# (ro) ',
+                        $oattr->ro ? '# (ro) ' : '',
                         $attr, $_ ? " $_" : '');
+                }
 …
+            }
             $dump .= sprintf("%s%s: %s\n",
                 $wok ? '' : '# (ro) ',
+                $oattr->ro ? '# (ro) ' : '',
                 $attr, '');
+        }

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm

-                      r850
+                      r861
 use LATMOS::Accounts::Log;
 use DBI;
+use Crypt::RSA;
+use Crypt::RSA::Key::Public::SSH;
+use Crypt::RSA::Key::Private::SSH;
+use MIME::Base64;
 our $VERSION = (q$Rev$ =~ /^Rev: (\d+) /)[0];
 …
             undef, undef,
+            {
                 RaiseError => 1,
+                RaiseError => 0,
                 AutoCommit => 0,
                 PrintWarn => 1,
 …
+            }
         ) or do {
             $self->log(LA_ERR, "Cannot connect to database");
+            $self->log(LA_ERR, "Cannot connect to database: %s", $DBI::errstr);
             return;
         };
 …
+}
 sub commit {
+sub _commit {
     my ($self) = @_;
     if ($ENV{LA_NO_COMMIT}) {
 …
+}
 sub rollback {
+sub _rollback {
     my ($self) = @_;
     if ($ENV{LA_NO_COMMIT}) {
 …
     return ($res->{max});
+}
+# Extra non standard functions
 sub get_global_value {
 …
     };
+}
+sub generate_rsa_key {
+    my ($self, $password) = @_;
+    my $rsa = new Crypt::RSA ES => 'PKCS1v15';
+    my ($public, $private) = $rsa->keygen (
+        Identity  => 'LATMOS-Accounts',
+        Size      => 768,
+        Password  => $password,
+        Verbosity => 0,
+        KF=>'SSH',
+    ) or die $rsa->errstr(); # TODO avoid die
+    return ($public, $private);
+}
+sub private_key {
+    my ($self, $password) = @_;
+    my $base = $self;
+    my $serialize = $base->get_global_value('rsa_private_key') or return;
+    my $privkey = Crypt::RSA::Key::Private::SSH->new;
+    $privkey->deserialize(String => [ decode_base64($serialize) ],
+        Passphrase => $password);
+    $privkey
+}
+sub get_rsa_password {
+    my ($self) = @_;
+    my $base = $self;
+    my $sth = $base->db->prepare(q{
+        select "name", value from "user" join user_attributes_base
+        on "user".ikey = user_attributes_base.okey
+        where user_attributes_base.attr = 'encryptedPassword'
+    });
+    $sth->execute;
+    my %users;
+    while (my $res = $sth->fetchrow_hashref) {
+        $users{$res->{name}} = $res->{value};
+    }
+    %users
+}
+sub store_rsa_key {
+    my ($self, $public, $private) = @_;
+    my $base = $self;
+    $base->set_global_value('rsa_private_key',
+        encode_base64($private->serialize));
+    $base->set_global_value('rsa_public_key',
+        $public->serialize);
+    return;
+}
 sub find_next_expire_users {
 …
+}
+sub rename_nethost {
+    my ($self, $nethostname, $to, %options) = @_;
+    {
+        my $obj = $self->get_object('nethost', $nethostname);
+        my @cname = grep { $_ && $_ ne $to}
+        $obj->get_attributes('cname');
+        $obj->set_c_fields(cname => [ @cname ]) or return;
+    }
+    $self->rename_object('nethost', $nethostname, $to) or return;
+    if ($options{'addcname'}) {
+        my $obj = $self->get_object('nethost', $to);
+        my @cname = grep { $_ } $obj->get_attributes('cname');
+        $obj->set_c_fields(cname => [ @cname, $nethostname ]);
+    }
+    return 1;
+}
+sub nethost_exchange_ip {
+    my ($self, $ip1, $ip2) = @_;
+    my ($obj1, $obj2);
+    if (my ($host1) = $self->search_objects('nethost', "ip=$ip1")) {
+        $obj1 = $self->get_object('nethost', $host1);
+    } else {
+        $self->la_log(LA_ERR, "Cannot find host having $ip1");
+        return;
+    }
+    if (my ($host2) = $self->search_objects('nethost', "ip=$ip2")) {
+        $obj2 = $self->get_object('nethost', $host2);
+    } else {
+        $self->la_log(LA_ERR, "Cannot find host having $ip2");
+        return;
+    }
+    if ($obj1->id eq $obj2->id) {
+        $self->la_log(LA_ERR, "Both ip belong to same host (%s)", $obj1->id);
+        return;
+    }
+    my @ip1 = grep { $_ && $_ ne $ip1 } $obj1->get_attributes('ip');
+    $obj1->set_c_fields(ip => [ @ip1 ]);
+    my @ip2 = grep { $_ && $_ ne $ip2 } $obj2->get_attributes('ip');
+    $obj2->set_c_fields(ip => [ @ip2, $ip1 ]) or return;
+    $obj1->set_c_fields(ip => [ @ip1, $ip2 ]) or return;
+    return 1;
+}
+sub register_attribute {
+    my ($self, $otype, $attribute, $comment) = @_;
+    my $pclass = $self->_load_obj_class($otype) or return;
+    $pclass->register_attribute($self, $attribute, $comment);
+}
+sub get_attribute_comment {
+    my ($self, $otype, $attribute) = @_;
+    my $pclass = $self->_load_obj_class($otype) or return;
+    $pclass->get_attribute_comment($self, $attribute);
+}
+sub set_attribute_comment {
+    my ($self, $otype, $attribute, $comment) = @_;
+    my $pclass = $self->_load_obj_class($otype) or return;
+    $pclass->set_attribute_comment($self, $attribute, $comment);
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Address.pm

-                      r809
+                      r861
 sub has_extended_attributes { 1 }
 sub _inline_fields {
     my ($self, $for, $base) = @_;
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    my %fields = (
+        name            => 'name',
+        exported        => 'exported',
+        user            => 'user',
+    $class->SUPER::_get_attr_schema($base,
+        {
+            name =>         { inline => 1, },
+            exported =>     { inline => 1, },
+            user =>         { inline => 1,
+                reference => 'user',
+            },
+            site =>         {
+                reference => 'site',
+            },
+            sn =>           { ro => 1, },
+            mail =>         { ro => 1, },
+            givenName =>    { ro => 1, },
+            postalAddress => { ro => 1, },
+            displayName =>  { ro => 1, },
+            co =>           {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            l =>            {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            postalCode =>   {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            streetAddress => {
+                formtype => 'TEXTAREA',
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            postOfficeBox => {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            st =>           {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            facsimileTelephoneNumber => {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            o =>            {
+                ro => sub { $_[0] && $_[0]->get_attributes('site') ? 1 : 0 },
+            },
+            isMainAddress => { formtype => 'CHECKBOX', },
+        }
     );
-    %fields
+}
-sub _managed_fields {
-    my ($self, $for, $base) = @_;
-    (site => 'site'),
-    $for !~ /w/ ? (
-        sn => 'sn',
-        mail =>  'mail',
-        givenName => 'givenName',
-        postalAddress => 'postalAddress',
-        displayName => 'displayName',
-    ) : ()
+}
-sub _delayed_fields {
-    my ($self)= @_;
-    return qw();
+}
 …
     $data{user} or return;
     my $user = $base->get_object('user', $data{user});
+    $user or return;
     if (!$user->get_c_field('otheraddress')) {
         $data{isMainAddress} = 1;
 …
 sub get_field {
     my ($self, $field) = @_;
+    if ((grep { $field eq $_ } __PACKAGE__->_address_fields())
+        && (my $fsite = $self->get_c_field('site'))) {
+    if ((grep { $field eq $_ } (qw(
+            co l
+            postalCode streetAddress
+            postOfficeBox st
+            facsimileTelephoneNumber o
+            ))) && (my $fsite = $self->get_c_field('site'))) {
         my $site = $self->base->get_object('site', $fsite);
         if ($site) {
 …
+        }
     } elsif ($field =~ /^(sn|givenName|mail)$/) {
+        my $user = $self->base->get_object('user', $self->_get_c_field('user'));
+        my $user = $self->base->get_object('user', $self->_get_c_field('user'))
+            or return;
         return $user->_get_c_field($field);
     } elsif ($field eq 'postalAddress' ) {
 …
                 $data{$attr});
             if ($site) {
+                foreach (__PACKAGE__->_address_fields()) {
+                foreach (qw(co l postalCode streetAddress postOfficeBox st
+                        facsimileTelephoneNumber o)) {
                     $fdata{$_} = undef;
                     $data{$_} = undef;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Aliases.pm

-                      r499
+                      r861
 sub key_field { 'name' }
 sub has_extended_attributes { 0 }
+sub has_extended_attributes { 1 }
+sub _managed_fields {
+    my ($class, $for, $base) = @_;
+    return(
+        $for !~ /w/
+        ? (
+            finalpoint => 'finalpoint',
+            parents => 'parents',
+            anyparents => 'anyparents',
+            sameforward => 'sameforward',
+            samedestination => 'samedestination',
+        )
+        : ()
+    );
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    $class->SUPER::_get_attr_schema($base,
+        {
+            name            => {
+                ro => 1,
+            },
+            forward         => {
+                mandatory => 1,
+                multiple => 1,
+            },
+            finalpoint      => { ro => 1, },
+            parents         => { ro => 1, },
+            anyparents      => { ro => 1, },
+            sameforward     => { ro => 1, },
+            samedestination => { ro => 1, },
+            user            => {
+                ro => 1,
+                reference => 'user',
+            },
+        }
+    )
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Group.pm

-                      r768
+                      r861
 sub has_extended_attributes { 1 }
+sub _inline_fields {
+    my ($self, $for, $base) = @_;
+    return (
+        gidNumber       => 'gidnumber',
+        exported        => 'exported',
+        ($for !~ /w/) ? (
+            name => 'name',
+            cn => 'name',
+            create => 'create',
+            date => 'date',
+        ) : (),
+    );
+}
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+sub _managed_fields {
+    my ($self, $for, $base) = @_;
+    my %fields = (
+        memberUID       => 'memberUID',
+        member          => 'member',
+        $for !~ /w/ ? (
+            sAMAccountName  => 'name',
+            groupname => 'name',
+        ) : (),
+    );
+    %fields;
+}
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberUID member);
+    $class->SUPER::_get_attr_schema($base,
+        {
+            gidNumber  => { inline => 1, uniq => 1, iname => 'gidnumber',
+                mandatory => 1, },
+            gidnumber  => { inline => 1, uniq => 1, hide => 1, },
+            exported   => { inline => 1, },
+            name       => { inline => 1, ro => 1 },
+            cn         => { inline => 1, ro => 1, iname => 'name', },
+            create     => { inline => 1, ro => 1 },
+            date       => { inline => 1, ro => 1 },
+            memberUID  => {
+                reference => 'user',
+                multiple => 1,
+                delayed => 1,
+                ro => sub {
+                    $_[0] &&
+                    ($_[0]->_get_c_field('sutype') ||'') =~ /^(jobtype|contrattype)$/
+                    ? 1 : 0
+                },
+            },
+            member     => {
+                reference => 'user',
+                multiple => 1,
+                delayed => 1,
+                can_values => sub { $base->list_objects('user') },
+                ro => sub {
+                    $_[0] &&
+                    ($_[0]->_get_c_field('sutype') ||'') =~ /^(jobtype|contrattype)$/
+                    ? 1 : 0
+                },
+            },
+            sAMAccountName => { iname => 'name', ro => 1 },
+            groupname  => { ro => 1 },
+            managedBy  => {
+                reference => 'user',
+                can_values => sub {
+                    my %uniq = map { $_ => 1 } grep { $_ }
+                    ($_[1] ? $_[1]->get_attributes('manager') : ()),
+                    $base->search_objects('user', 'active=*');
+                    sort keys %uniq;
+                },
+            },
+            sutype => {
+                reference => 'sutype',
+            },
+        }
+    )
+}
 …
                     $res++;
                 } elsif ($member{$_}{c}) {
+                    if (($user->get_c_field('department') || '') eq $self->id) {
+                        $self->base->log(LA_WARN,
+                            "Don't removing user %s from group %s: is it's department",
+                            $user->id, $self->id);
+                        next;
+                    }
                     my $sth = $self->db->prepare_cached(
                         q{delete from group_attributes_users where value = ? and attr = ? and okey = ?}
 …
+    }
     if (keys %fdata) {
+        return $res + $self->SUPER::set_fields(%fdata);
+            my $setres = $self->SUPER::set_fields(%fdata);
+            if (defined($setres)) { return $res + $setres; }
+            else { return; }
     } else {
         $res

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Revaliases.pm

-                      r353
+                      r861
 sub has_extended_attributes { 0 }
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    $class->SUPER::_get_attr_schema($base,
+        {
+            name            => { reference => 'user', inline => 1, },
+        }
+    )
+}
 sub _create {
     my ($class, $base, $id, %data) = @_;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Site.pm

-                      r769
+                      r861
 sub has_extended_attributes { 1 }
+sub _inline_fields {
+    my ($class, $for, $base) = @_;
+    return (
+        expire    => 'expire',
+        ($for !~ /w/) ? (
+            name      => 'name',
+            cn => 'name',
+            create    => 'create',
+            date      => 'date',
+        ) : (),
+    );
+}
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+sub _managed_fields {
     my ($self, $for, $base) = @_;
     $for !~ /w/ ? (
         postalAddress => 'postalAddress',
     ) : ()
+}
+sub _delayed_fields {
     my ($self)= @_;
     return qw();
+    $class->SUPER::_get_attr_schema($base,
+        {
+            name   => { ro => 1, inline => 1, },
+            cn     => { ro => 1, inline => 1, iname => 'name' },
+            date   => { ro => 1, inline => 1, },
+            create => { ro => 1, inline => 1, },
+            streetAddress => { formtype => 'TEXTAREA' },
+            postalAddress => { ro => 1, },
+            siteNick => { uniq => 1 },
+        }
+    )
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Sutype.pm

-                      r165
+                      r861
 sub has_extended_attributes { 0 }
-sub _delayed_fields {
-    my ($self)= @_;
-    return qw();
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm

-                      r840
+                      r861
 sub has_extended_attributes { 1 }
+sub _delayed_fields {
+    my ($self)= @_;
+    return qw(memberOf manager directReports department);
+}
+sub _office_address_fields { qw(telephoneNumber physicalDeliveryOfficeName site) }
+sub _inline_fields {
+    my ($class, $for, $base) = @_;
+    return (
+        uidNumber => 'uidnumber',
+        gidNumber => 'gidnumber',
+        exported  => 'exported',
+        expire    => 'expire',
+        ($for !~ /w/) ? (
+            name      => 'name',
+            cn => 'name',
+            create    => 'create',
+            date      => 'date',
+        ) : (),
+    );
+}
+sub _managed_fields {
+    my ($self, $for, $base) = @_;
+    return (
+        memberOf        => 'memberOf',
+        forward => 'forward',
+        aliases => 'aliases',
+        revaliases => 'revaliases',
+        (map { $_ => $_ } $self->_address_fields),
+        (map { $_ => $_ } $self->_office_address_fields),
+        (($for !~ /w/) ? (
+        uid => 'name',
+        cn => 'name',
+        gecos        => 'gecos',
+        displayName  => 'displayName',
+        sAMAccountName  => 'sAMAccountName',
+        accountExpires => 'accountExpires',
+        shadowExpire => 'shadowExpire',
+        directReports => 'directReports',
+        managedObjects => 'managedObjects',
+        otheraddress => 'otheraddress',
+        mainaddress => 'mainaddress',
+        postalAddress => 'postalAddress',
+        facsimileTelephoneNumber => 'facsimileTelephoneNumber',
+        allsite   => 'allsite',
+        managerContact => 'managerContact',
+        expireText => 'expireText',
+        cells  => 'cells',
+        departments => 'departments',
+        ) : ()),
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    $class->SUPER::_get_attr_schema($base,
+        {
+            uidNumber => { inline => 1, iname => 'uidnumber', uniq => 1,
+                mandatory => 1, },
+            uidnumber => { inline => 1, hide => 1, },
+            gidNumber => {
+                inline => 1,
+                iname => 'gidnumber',
+                mandatory => 1,
+                can_values => sub {
+                    map { $base->get_object('group',
+                            $_)->get_attributes('gidNumber') }
+                    $base->list_objects('group')
+                },
+                display => sub {
+                    my ($self, $val) = @_;
+                    my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
+                        or return;
+                    return $gr;
+                },
+                reference => 'group',
+            },
+            loginShell => { mandatory => 1 },
+            gidnumber => { inline => 1, hide => 1,
+                can_values => sub {
+                    map { $_->get_attributes('gidNumber') }
+                    map { $base->get_object('group', $_) }
+                    $base->list_objects('group')
+                },
+                mandatory => 1,
+                reference => 'group',
+            },
+            exported  => {
+                inline => 1,
+                formtype => 'CHECKBOX',
+            },
+            locked    => {
+                formtype => 'CHECKBOX',
+                formopts => { rawvalue => 1, },
+            },
+            expire    => { inline => 1, formtype => 'DATE', },
+            name      => { inline => 1, ro => 1, },
+            cn        => { inline => 1, ro => 1, iname => 'name' },
+            create    => { inline => 1, ro => 1, },
+            date      => { inline => 1, ro => 1, },
+            memberOf  => { multiple => 1, delayed => 1, },
+            forward   => {},
+            aliases   => {
+                reference => 'aliases',
+                formtype => 'TEXT',
+                multiple => 1,
+            },
+            revaliases => {
+                reference => 'revaliases',
+                formtype => 'TEXT',
+            },
+            manager => {
+                delayed => 1,
+                can_values => sub {
+                    my %uniq = map { $_ => 1 } grep { $_ }
+                    ($_[1] ? $_[1]->get_attributes('manager') : ()),
+                    $base->search_objects('user', 'active=*');
+                    sort keys %uniq;
+                },
+                reference => 'user',
+            },
+            department => {
+                reference => 'group',
+                can_values => sub {
+                    $base->search_objects('group', 'sutype=dpmt')
+                }
+            },
+            contratType => {
+                reference => 'group',
+                can_values => sub {
+                    $base->search_objects('group', 'sutype=contrattype')
+                }
+            },
+            site => {
+                reference => 'site',
+                can_values => sub {
+                    $base->search_objects('site')
+                }
+            },
+            co => { },
+            l => { },
+            postalCode => { },
+            streetAddress => { formtype => 'TEXTAREA', },
+            postOfficeBox => { },
+            st => { },
+            facsimileTelephoneNumber => { },
+            o => { },
+            telephoneNumber => { },
+            physicalDeliveryOfficeName => { },
+            uid => { iname => 'name', ro => 1 },
+            cn =>  { iname => 'name', ro => 1 },
+            gecos => { ro => 1, },
+            displayName  => { ro => 1, managed => 1, },
+            sAMAccountName  => { ro => 1, managed => 1  },
+            accountExpires => { ro => 1, managed => 1 },
+            shadowExpire => { ro => 1, managed => 1 },
+            directReports => {
+                reference => 'user',
+                ro => 1,
+                delayed => 1,
+            },
+            managedObjects => { ro => 1, reference => 'group', },
+            otheraddress => { ro => 1, reference => 'address', },
+            mainaddress => { ro => 1, reference => 'address', },
+            postalAddress => { ro => 1, },
+            facsimileTelephoneNumber => { ro => 1, },
+            allsite   => {
+                ro => 1,
+                reference => 'site',
+            },
+            managerContact => {
+                ro => 1,
+                reference => 'user',
+            },
+            expireText => { ro => 1, },
+            krb5ValidEnd => { ro => 1, },
+            cells  => {
+                ro => 1,
+                reference => 'group',
+            },
+            departments => {
+                reference => 'group',
+                delayed => 1,
+                ro => 1,
+            },
+            arrivalDate => { },
+            expired => { ro => 1 },
+            active => { ro => 1 },
+                pwdAccountLockedTime => { managed => 1, ro => 1 }
+        }
+    )
+}
 …
         $res->{expire} =~ /(\d+) days\s*(\w)?/;
         return $1 + ($2 ? 1 : 0);
+    } elsif ($field eq 'krb5ValidEnd') {
+        my $sth = $self->db->prepare_cached(
+            sprintf(
+                q{select date_part('epoch', expire)::int as expire
+                from %s where %s = ?},
+                $self->db->quote_identifier($self->object_table),
+                $self->db->quote_identifier($self->key_field),
+            )
+        );
+        $sth->execute($self->id);
+        my $res = $sth->fetchrow_hashref;
+        $sth->finish;
+        return $res->{expire}
     } elsif ($field eq 'expireText') {
         my $sth = $self->db->prepare_cached(
 …
         $sth->finish;
         return $res->{expire}
+    } elsif ($field eq 'pwdAccountLockedTime') {
+        if ($self->_get_c_field('locked')) {
+            return '000001010000Z';
+        } else {
+            my $sth = $self->db->prepare_cached(
+                sprintf(
+                    q{select to_char(expire AT TIME ZONE 'Z', 'YYYYMMDDHH24MISSZ') as expire
+                    from %s where %s = ? and expire < now()},
+                    $self->db->quote_identifier($self->object_table),
+                    $self->db->quote_identifier($self->key_field),
+                )
+            );
+            $sth->execute($self->id);
+            my $res = $sth->fetchrow_hashref;
+            $sth->finish;
+            return $res->{expire}
+        }
     } elsif ($field eq 'otheraddress') {
         my $sth = $self->db->prepare_cached(q{
 …
         $sth->finish;
         return $res->{name};
+    } elsif (grep { $field eq $_ } __PACKAGE__->_address_fields(),
+        $self->_office_address_fields, 'postalAddress') {
+    } elsif (grep { $field eq $_ } qw(postalAddress
+            co l postalCode streetAddress
+            postOfficeBox st
+            facsimileTelephoneNumber
+            o telephoneNumber
+            physicalDeliveryOfficeName
+            site
+        )) {
         if (my $fmainaddress = $self->_get_c_field('mainaddress')) {
             my $address = $self->base->get_object('address', $fmainaddress);
 …
+}
+sub _get_state {
+    my ($self, $state) = @_;
+    for ($state) {
+        /^expired$/ and do {
+            my $attribute = $self->attribute('expire');
+            $attribute->check_acl('r') or return;
+            my $sth = $self->db->prepare_cached(
+                q{ select coalesce(expire < now(), false) as exp from "user"
+                where "user".name = ?}
+            );
+            $sth->execute($self->id);
+            my $res = $sth->fetchrow_hashref;
+            $sth->finish;
+            return $res->{exp} ? 1 : 0;
+        };
+    }
+}
 sub set_fields {
     my ($self, %data) = @_;
 …
     my $res = 0;
     foreach my $attr (keys %data) {
+        $attr eq 'gidnumber' && $data{$attr} !~ /^\d+$/ and do {
+            my $group = $self->base->get_object('group', $data{$attr}) or do {
+                $self->base->log(LA_ERROR,
+                    "Can't set gidNumber to %s: no such group", $data{$attr});
+                return;
+            };
+            $data{$attr} = $group->get_attributes('gidNumber');
+        };
         $attr =~ /^memberOf$/ and do {
             my %member;
 …
                     $res++;
                 } elsif ($member{$_}{c}) {
+                    if (($self->get_c_field('department') || '') eq $group->id) {
+                        $self->base->log(LA_WARN,
+                            "Don't removing user %s from group %s: is it's department",
+                            $self->id, $group->id);
+                        next;
+                    }
                     my $sth = $self->db->prepare_cached(
                         q{delete from group_attributes_users where value = ? and attr = ? and okey = ?}
 …
+            }
         };
+        grep { $attr eq $_ } (__PACKAGE__->_office_address_fields, __PACKAGE__->_address_fields()) and do {
+        grep { $attr eq $_ } (qw(co l postalCode streetAddress
+            postOfficeBox st facsimileTelephoneNumber
+            o telephoneNumber physicalDeliveryOfficeName site)) and do {
             my $fmainaddress = $self->_get_c_field('mainaddress');
             # set address attribute => create address object on the fly
 …
             if ($fmainaddress &&
                 (my $address = $self->base->get_object('address', $fmainaddress))) {
+                $res += $address->set_c_fields($attr => $data{$attr}) ||0;
+                if ($address->attribute($attr) &&
+                    !$address->attribute($attr)->ro) {
+                    $res += $address->set_c_fields($attr => $data{$attr}) ||0;
+                }
+            }
             next;
 …
+    }
     if (keys %fdata) {
+        return $self->SUPER::set_fields(%fdata) + $res;
+        if (defined(my $res2 = $self->SUPER::set_fields(%fdata))) {
+           return $res2 + $res;
+       } else {
+           return;
+       }
     } else { return $res; }
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/objects.pm

-                      r764
+                      r861
 =cut
-# This fields are special in sense they may come from site field
-sub _address_fields { qw(co l postalCode streetAddress postOfficeBox st
-    facsimileTelephoneNumber o) }
 =head1 FUNCTIONS
 …
 =cut
+sub attributes_table { $_[0]->object_table . '_attributes_list' }
 sub list {
 …
 sub has_extended_attributes { 0 }
+# Work only for very simple case, must be override
+sub _inline_fields {
+    my ($self, $for, $base) = @_;
+    if ($base->{__cache}{$self->object_table}) {
+        return %{$base->{__cache}{$self->object_table}};
+    }
+    my @res;
+    my $sth = $base->db->prepare(
+        q{SELECT column_name FROM information_schema.columns
+          WHERE table_name = ?}
+    );
+    $sth->execute($self->object_table);
+    while (my $res = $sth->fetchrow_hashref) {
+        if ($for =~ 'w') {
+            next if($res->{column_name} =~ /^(rev|date|create|ikey)$/);
+            next if($res->{column_name} eq $self->key_field);
+        }
+        push(@res, $res->{column_name});
+    }
+    my %fields = map { $_ => $_ } @res;
+    $base->{__cache}{$self->object_table} = \%fields;
+    %fields
+sub _get_attr_schema {
+    my ($class, $base, $info) = @_;
+    $info ||= {};
+    if (!$base->{__cache}{$class->object_table}{inline}) {
+        $base->{__cache}{$class->object_table}{inline} = [];
+        my $sth = $base->db->prepare(
+            q{SELECT column_name FROM information_schema.columns
+              WHERE table_name = ?}
+        );
+        $sth->execute($class->object_table);
+        while (my $res = $sth->fetchrow_hashref) {
+            push(@{$base->{__cache}{$class->object_table}{inline}},
+                $res->{column_name});
+        }
+    }
+    foreach (@{$base->{__cache}{$class->object_table}{inline}}) {
+        $info->{$_}{inline} = 1;
+        if (m/^(rev|date|create|ikey)$/) {
+            $info->{$_}{ro} = 1
+        }
+    }
+    if ($class->has_extended_attributes) {
+        if (!$base->{__cache}{$class->object_table}{extend}) {
+            $base->{__cache}{$class->object_table}{extend} = [];
+            my $sth = $base->db->prepare_cached(
+                sprintf(
+                    q{select canonical from %s order by canonical},
+                    $base->db->quote_identifier($class->attributes_table),
+                )
+            );
+            $sth->execute;
+            while (my $res = $sth->fetchrow_hashref) {
+                push(@{$base->{__cache}{$class->object_table}{extend}},
+                        $res->{canonical});
+            }
+        }
+        foreach (@{$base->{__cache}{$class->object_table}{extend}}) {
+            $info->{$_} ||= {};
+        }
+    }
+    $info->{exported}   = { inline => 1, formtype => 'CHECKBOX', hide => 1, };
+    $info->{unexported} = { inline => 1, formtype => 'CHECKBOX', };
+    $info
+}
 …
     my ($class, $for, $base) = @_;
     return();
+}
-# Everything from attributes_list table
-# $for is uneeded here as all this attributes are rw
-sub _extended_field {
-    my ($class, $for, $base) = @_;
-    my @attr;
-    if ($class->has_extended_attributes) {
-        if ($base->{__cache}{_extended_field}{$class}) {
-            return map { $_ => $_ }
-               @{$base->{__cache}{_extended_field}{$class}};
+        }
-        my $sth = $base->db->prepare_cached(
-            sprintf(
-                q{select canonical from %s order by canonical},
-                $base->db->quote_identifier($class->object_table . '_attributes_list'),
+            )
-        );
-        $sth->execute;
-        while (my $res = $sth->fetchrow_hashref) {
-            push(@attr, $res->{canonical});
+        }
-        $base->{__cache}{_extended_field}{$class} = \@attr;
-        return map { $_ => $_ } @attr;
-    } else {
-        return ()
+    }
+}
-sub _canonical_fields {
-    my ($class, $base, $for) = @_;
-    $for ||= 'rw';
-    my %inl = (
-        ($class->_inline_fields($for, $base)),
-        ($class->_managed_fields($for, $base)),
-        ($class->_extended_field($for, $base)),
-    );
-    return sort keys %inl;
+}
-sub _get_field_name_db {
-    my ($class, $c_field, $base) = @_;
-    $class->has_extended_attributes or return;
-    $class->object_table or return;
-    my $sth = $base->db->prepare_cached(
-        sprintf(
-            q{select ikey from %s where canonical = ?},
-            $base->db->quote_identifier($class->object_table . '_attributes_list'),
+        )
-    );
-    $sth->execute($c_field);
-    my $res = $sth->fetchrow_hashref;
-    $sth->finish;
-    return $c_field if($res->{ikey});
+}
-sub _get_field_name {
-    my ($class, $c_field, $base, $for) = @_;
-    $c_field or return;
-    $for ||= 'rw';
-    my %fields = $class->_managed_fields($for, $base);
-    return $fields{$c_field} if ($fields{$c_field});
-    %fields = $class->_inline_fields($for, $base);
-    return $fields{$c_field} if ($fields{$c_field});
-    %fields = $class->_extended_field($for, $base);
-    return $fields{$c_field}
+}
 …
     my $count = $sth->execute($id);
     $sth->finish;
     $count == 1 or return;
+    ($count || 0) == 1 or return;
     $class->SUPER::new($base, $id);
+}
 …
     # splitting inline from extended
-    my %inlined = $class->_inline_fields('w', $base);
-    my %inl = map { $_ => 1 } values %inlined;
     my (%first, %second);
+    # Ensure object is exported if not specified
+    $data{exported} = 1 if (!exists($data{exported}));
+    if (exists $data{unexported}) {
+        $data{exported} = $data{unexported} ? 0 : 1;
+        delete $data{unexported}
+    }
     foreach (keys %data) {
+        $_ =~ /exported/ and $data{$_} = $data{$_} ? 1 : 0;
+        if ($inl{$_}) {
+        my $attr = $base->attribute($class->type, $_) or next;
+        $_ =~ /^exported$/ and $data{$_} = $data{$_} ? 1 : 0;
+        if ($attr->{inline}) {
             $first{$_} = $data{$_};
         } else {
 …
     );
     if ($sthr->execute($newid, $id) != 1) {
+    if (($sthr->execute($newid, $id) || 0) != 1) {
         $base->log(LA_ERR, "Erreur renaming %s %s to %s",
             $class->type,
 …
 sub get_field {
     my ($self, $field) = @_;
+    my %inl = $self->_inline_fields('r', $self->base);
+    my %inline = map { $_ => 1 } values %inl;
+    if ($inline{$field}) {
+    if ($field eq 'unexported') {
+        return $self->get_field('exported') ? undef : 1;
+    }
+    my $attr = $self->attribute($field) or return;
+    if ($attr->{inline}) {
     my $sth = $self->db->prepare_cached(
         sprintf(
 …
+            )
         );
         $sth->execute($self->id); #, $field);
+        $sth->execute($self->id);
         delete($__cache->{$self->id});
         $__cache->{$self->id}{__time} = time;
 …
     my @vals;
     my %ext;
+    my %inl = $self->_inline_fields('w', $self->base);
+    my %inline = map { $_ => 1 } values %inl;
+    if (exists($data{unexported})) {
+        $data{exported} = $data{unexported} ? 0 : 1;
+    }
     foreach my $field (keys %data) {
+        $data{$field} = $data{$field} ? 1 : 0 if($field eq 'exported');
+        my $attr = $self->attribute($field);
+        next if ($field eq 'unexported');
         my $oldval = $self->get_field($field);
         next if (($data{$field} || '') eq ($oldval || ''));
         if ($inline{$field}) {
+        if ($attr->{inline}) {
         # TODO check fields exists !
             push(@fields, sprintf("%s = ?", $self->db->quote_identifier($field)));
 …
         );
         $sth->execute(@vals, $self->id) or do {
+            $self->base->log(LA_ERR, "Cannot update inline field %s" .
+                $self->base->db->strerr);
+            $self->base->log(LA_ERR,
+                "Cannot update inline field for object %s, %s: %s",
+                $self->type,
+                $self->id,
+                $self->base->db->errstr);
             return;
         };
 …
             ),
         );
+        my $sthd1 = $self->db->prepare_cached(
+            sprintf(
+                q{delete from %s where okey = ? and attr = ? and value = ?},
+                $self->db->quote_identifier($self->object_table. '_attributes'),
+            ),
+        );
         my $sthx = $self->db->prepare_cached(
             sprintf(
 …
         my $okey = $self->_get_ikey($self->base, $self->id);
+        foreach (keys %ext) {
+            if ($ext{$_}) {
+                my $res = $sthu->execute($ext{$_}, $okey, $_);
+                defined($res) or do {
+                    $self->base->log(LA_ERR,
+                        "Error while udapting attributes: %s",
+                        $self->base->db->strerr
+                    );
+                    return;
+                };
+                if ($res == 0) {
+                    $res = $sthx->execute($okey, $_, $ext{$_});
+        foreach my $uattr (keys %ext) {
+            my $attr = $self->attribute($uattr);
+            if ($ext{$uattr}) {
+                if ($attr->{multiple}) {
+                    my $updated = 0;
+                    my $oldvalue = $self->get_field($uattr);
+                    my %newvalues = map { $_ => 1 } (ref $ext{$uattr}
+                        ? @{$ext{$uattr}}
+                        : $ext{$uattr});
+                    foreach (grep { $_ } ref $oldvalue ? @{$oldvalue} : $oldvalue) {
+                        if(exists($newvalues{$_})) {
+                            $newvalues{$_} = 0;
+                        } else {
+                            defined($sthd1->execute($okey, $uattr, $_)) or do {
+                                $self->base->log(LA_ERR,
+                                    "Error while updating attributes on %s/%s %s: %s",
+                                    $self->type,
+                                    $self->id,
+                                    $uattr,
+                                    $self->base->db->errstr
+                                );
+                                return;
+                            };
+                            $updated++;
+                        }
+                    }
+                    foreach (grep { $newvalues{$_} } keys %newvalues) {
+                        $sthx->execute($okey, $uattr, $_) or do {
+                            $self->base->log(LA_ERR,
+                                "Error while updating attributes: %s/%s %s: %s",
+                                $self->type,
+                                $self->id,
+                                $uattr,
+                                $self->base->db->errstr
+                            );
+                            return;
+                        };
+                        $updated++;
+                    }
+                    $updated_attributes++ if ($updated);
+                } else {
+                    my $res = $sthu->execute($ext{$uattr}, $okey, $uattr);
                     defined($res) or do {
                         $self->base->log(LA_ERR,
+                            "Error while udapting attributes: %s",
+                            $self->base->db->strerr
+                            "Error while udapting attributes: %s/%s %s: %s",
+                            $self->type,
+                            $self->id,
+                            $uattr,
+                            $self->base->db->errstr
                         );
+                        $updated_attributes++;
                         return;
                     };
+                    if ($res == 0) {
+                        $res = $sthx->execute($okey, $uattr, $ext{$uattr});
+                        defined($res) or do {
+                            $self->base->log(LA_ERR,
+                                "Error while updating attributes: %s/%s %s: %s",
+                                $self->type,
+                                $self->id,
+                                $uattr,
+                                $self->base->db->errstr
+                            );
+                            $updated_attributes++;
+                            return;
+                        };
+                    }
+                }
             } else {
                 defined($sthd->execute($okey, $_)) or do {
+                defined($sthd->execute($okey, $uattr)) or do {
                     $self->base->log(LA_ERR,
+                        "Error while deleting attributes: %s",
+                        $self->base->db->strerr
+                        "Error while deleting attributes: %s/%s %s: %s",
+                        $self->otype,
+                        $self->id,
+                        $uattr,
+                        $self->base->db->errstr
                     );
                     return;
 …
 sub attributes_summary {
     my ($class, $base, $attribute) = @_;
+    $class->has_extended_attributes && $class->object_table or
+    my $attr = $base->attribute($class->type, $attribute);
+    if ($attr->{managed}) {
         return $class->SUPER::attributes_summary($base, $attribute);
+    }
     my $sth = $base->db->prepare_cached(
+        sprintf(
+            q{select value from %s where attr = ? group by value},
+            $base->db->quote_identifier($class->object_table .
+                '_attributes'),
+        )
+    );
+    $sth->execute($attribute);
+        $attr->{inline}
+            ? sprintf(
+                q{select %s as value from %s},
+                $base->db->quote_identifier($attr->iname),
+                $base->db->quote_identifier($class->object_table),
+            )
+            : sprintf(
+                q{select value from %s where attr = ? group by value},
+                $base->db->quote_identifier($class->object_table .
+                    '_attributes'),
+            )
+    );
+    $sth->execute($attr->{inline} ? () : ($attribute));
     my @values;
 …
 sub _set_password {
     my ($self, $clear_pass) = @_;
+    if (my $field = $self->base->get_field_name($self->type, 'userPassword')) {
+    if (my $attr = $self->base->attribute($self->type, 'userPassword')) {
+        my $field = $attr->iname;
         my @salt_char = (('a' .. 'z'), ('A' .. 'Z'), (0 .. 9), '/', '.');
         my $salt = join('', map { $salt_char[rand(scalar(@salt_char))] } (1 .. 8));
         my $res = $self->set_fields($field, crypt($clear_pass, '$1$' . $salt));
+        if (!$res) {
+            return;
+        }
         if (my $serialize = $self->base->get_global_value('rsa_public_key')) {
 …
                 Armour     => 1,
             ) || die $self->poll->rsa->errstr();
+            $self->set_c_fields('encryptedPassword', $rsa_password);
+            return $self->set_c_fields('encryptedPassword', $rsa_password);
+        } else {
+            return 1;
+        }
     } else {
 …
     my ($class, $base, @filter) = @_;
+    if ($class->has_extended_attributes) {
+        my %attrsql;
+        my %attrbind;
+        while (my $item = shift(@filter)) {
+            # attr=foo => no extra white space !
+            # \W is false, it is possible to have two char
+            my ($attr, $mode, $val) = $item =~ /^(\w+)(?:(\W)(.+))?$/ or next;
+            if (!$mode) {
+                $mode = '~';
+                $val = shift(@filter);
+            }
+            $val ||= '';
+            push(@{ $attrsql{$attr} },
+                sprintf("\n\t" . q{select okey from %s where attr=? %s} . "\n",
+                    $base->db->quote_identifier($class->object_table .
+                        '_attributes'),
+                    $val eq '*'
+                        ? ''
+                        : ($mode eq '~'
+                            ? q{and value ILIKE ?}
+                            : q{and value = ?} )
+                )
+    my %attrsql;
+    my %attrbind;
+    while (my $item = shift(@filter)) {
+        # attr=foo => no extra white space !
+        # \W is false, it is possible to have two char
+        my ($attr, $mode, $val) = $item =~ /^(\w+)(?:(\W)(.+))?$/ or next;
+        if (!$mode) {
+            $mode = '~';
+            $val = shift(@filter);
+        }
+        my $attribute = $base->attribute($class->type, $attr) or do {
+            $base->log(LA_ERR, "Unknown attribute $attr");
+            next;
+        };
+        defined($val) or $val =  '';
+        $val = $attribute->input($val);
+        my $sql;
+        # Specific case for unexported attribute, comming from exported value
+        if ($attribute->iname eq 'unexported') {
+            $sql = sprintf(
+                q{select ikey from %s where %s},
+                $base->db->quote_identifier($class->object_table),
+                $val ? q{exported='f'} : q{exported='t'}
+            )
+        } elsif ($attribute->{inline}) {
+            $sql = sprintf(
+                q{select ikey from %s where %s %s},
+                $base->db->quote_identifier($class->object_table),
+                $base->db->quote_identifier($attribute->iname),
+                $val eq '*'
+                    ? 'is not NULL'
+                    : $mode eq '~'
+                        ? 'ILIKE ?'
+                        : '= ?'
             );
-            push(@{$attrbind{$attr}}, $base->get_field_name($class->type, $attr, 'r'));
             push(@{$attrbind{$attr}}, $mode eq '~' ? '%' . $val . '%' : $val) unless($val eq '*');
+        }
+        # building the query
+        my @sqlintersec;
+        if (!$base->{wexported}) {
+           push(@sqlintersec, sprintf(
+                   q{select ikey from %s where exported = true},
+                   $base->db->quote_identifier($class->object_table)
+               )
+           );
+        }
+        my @bind;
+        foreach (keys %attrsql) {
+            push(@sqlintersec, '(' . join(" union ", @{$attrsql{$_}}) . ")\n");
+            push(@bind, @{$attrbind{$_}});
+        }
+        my $sth = $base->db->prepare(
+            sprintf(q{
+                select name from %s
+                %s
+                },
+                $base->db->quote_identifier($class->object_table),
+                @sqlintersec
+                    ? "where ikey in (\n" . join("\n intersect\n", @sqlintersec) . ")\n"
+                    : '',
+            )
+        );
+        $sth->execute(@bind);
+        my @results;
+        while (my $res = $sth->fetchrow_hashref) {
+            push(@results, $res->{name});
+        }
+        return(@results);
+        } else {
+            $sql = sprintf(
+                q{select okey from %s where attr = ? %s},
+                $base->db->quote_identifier(
+                    $class->object_table . '_attributes'
+                ),
+                $val eq '*'
+                    ? ''
+                    : $mode eq '~'
+                        ? q{and value ILIKE ?}
+                        : q{and value = ?}
+            );
+            push(@{$attrbind{$attr}}, $attribute->iname);
+            push(@{$attrbind{$attr}}, $mode eq '~' ? '%' . $val . '%' : $val) unless($val eq '*');
+        }
+        push(@{ $attrsql{$attr} }, $sql);
+    }
+    # building the query
+    my @sqlintersec;
+    if (!$base->{wexported}) {
+        push(@sqlintersec, sprintf(
+                q{select ikey from %s where exported = true},
+                $base->db->quote_identifier($class->object_table)
+            )
+        );
+    }
+    my @bind;
+    foreach (keys %attrsql) {
+        push(@sqlintersec, '(' . join(" union ", @{$attrsql{$_}}) . ")\n");
+        push(@bind, @{$attrbind{$_} || []});
+    }
+    my $sth = $base->db->prepare(
+        sprintf(q{
+            select name from %s
+            %s
+            order by name
+            },
+            $base->db->quote_identifier($class->object_table),
+            @sqlintersec
+            ? "where ikey in (\n" . join("\n intersect\n", @sqlintersec) . ")\n"
+            : '',
+        )
+    );
+    $sth->execute(@bind);
+    my @results;
+    while (my $res = $sth->fetchrow_hashref) {
+        push(@results, $res->{name});
+    }
+    return(@results);
+}
+sub register_attribute {
+    my ($class, $base, $attribute, $comment) = @_;
+    $base->attribute($class->type, $attribute) and do {
+        $base->log(LA_ERR, "The attribute $attribute already exists");
+        return;
+    };
+    my $sth = $base->db->prepare(
+        sprintf(q{
+            insert into %s (canonical, description)
+            values (?,?)
+            }, $class->attributes_table)
+    );
+    my $res = $sth->execute($attribute, $comment);
+}
+sub get_attribute_comment {
+    my ($class, $base, $attribute) = @_;
+    $base->attribute($class->type, $attribute) or do {
+        $base->log(LA_ERR, "The attribute $attribute does not exists");
+        return;
+    };
+    my $sth = $base->db->prepare(
+        sprintf(q{
+            select description from %s
+            where canonical = ?
+            }, $class->attributes_table)
+    );
+    $sth->execute($attribute);
+    if (my $res = $sth->fetchrow_hashref) {
+        $sth->finish;
+        return $res->{description};
     } else {
+        my @bind;
+        my @where;
+        while (my $item = shift(@filter)) {
+            # attr=foo => no extra white space !
+            # \W is false, it is possible to have two char
+            my ($attr, $mode, $val) = $item =~ /^(\w+)(?:(\W)(.+))?$/ or next;
+            if (!$mode) {
+                $mode = '~';
+                $val = shift(@filter);
+            }
+            if ($val eq '*') {
+                push(@where, sprintf("%s is not NULL",
+                        $base->db->quote_identifier($base->get_field_name($class->type,
+                                $attr, 'r'))
+                    )
+                );
+            } else {
+                push(@where, sprintf("%s %s ?",
+                        $base->db->quote_identifier(
+                            $base->get_field_name($class->type, $attr, 'r')
+                        ),
+                        $mode eq '~' ? 'ILIKE' : '=',
+                    ));
+                push(@bind, lc($val));
+            }
+        }
+        my $sth = $base->db->prepare(
+            sprintf(q{select name from %s where %s},
+                $base->db->quote_identifier($class->object_table),
+                join(' and ', @where),
+            )
+        );
+        $sth->execute(@bind);
+        my @results;
+        while (my $res = $sth->fetchrow_hashref) {
+            push(@results, $res->{name});
+        }
+        return(@results);
+    }
+}
+        return;
+    }
+}
+sub set_attribute_comment {
+    my ($class, $base, $attribute, $comment) = @_;
+    my $attr = $base->attribute($class->type, $attribute) or do {
+        $base->log(LA_ERR, "The attribute $attribute does not exists");
+        return;
+    };
+    $attr->{inline} and do {
+        $base->log(LA_ERR,
+            "Cannot set comment to inline attribute, sorry, blame the author !"
+        );
+        return;
+    };
+    my $sth = $base->db->prepare(
+        sprintf(q{
+            update %s set description = ?
+            where canonical = ?
+            }, $class->attributes_table)
+    );
+    my $res = $sth->execute($comment, $attribute);
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Unix.pm

-                      r815
+                      r861
     my $base = {
-        passwd =>  $options{passwd} || '/etc/passwd',
-        shadow =>  $options{shadow} || '/etc/shadow',
-        group =>   $options{group} || '/etc/group',
-        gshadow => $options{gshadow} || '/etc/gshadow',
         # are we using shadow, default to yes
         use_shadow => (defined($options{use_shadow}) ? $options{use_shadow} : 1),
 …
     };
+    foreach (qw(passwd shadow group gshadow)) {
+        if ($options{$_}) {
+            $base->{$_} = $options{$_};
+        } elsif ($options{directory}) {
+            $base->{$_} = $options{directory} . '/' . $_;
+        } else {
+            $base->{$_} = "/etc/$_";
+        }
+    }
     bless($base, $class);
+}
-sub _canonicals_fields {
-    my ($self, $type, $for) = @_;
-    $type = lc($type);
+    {
-        user => {
-            uidNumber       => 'uid',
-            gidNumber       => 'gid',
-            gecos           => 'gecos',
-            homeDirectory   => 'home',
-            loginShell      => 'shell',
-            userPassword    => ($self->{use_shadow} ? 'spassword' : 'password'),
-            memberOf        => 'memberOf',
-            locked          => 'locked',
-            ($for !~ /w/ ? (
-            givenName       => 'givenName',
-            sn              => 'sn',
-            uid             => 'login',
-            sAMAccountName  => 'login',
-            ) : ()),
-            $self->{use_shadow} ?
+            (
-            shadowLastChange => 'last_changed',
-            shadowMin       => 'before_ch',
-            shadowMax       => 'after_ch',
-            shadowWarning   => 'exp_warn',
-            shadowInactive  => 'exp_disable',
-            shadowExpire    => 'disable',
-            shadowFlag      => 'res',
-            ) : (),
-            # description => not supported
-        },
-        group => {
-            ($for !~ /w/ ? (
-            sAMAccountName  => 'group_name',
-            ) : ()),
-            gidNumber       => 'gid',
-            memberUID       => 'user_list',
-        },
-    }->{$type}
+}
-sub list_canonical_fields {
-    my ($self, $type, $for) = @_;
-    $for ||= 'rw';
-    keys %{ $self->_canonicals_fields($type, $for) || {} }
+}
-sub get_field_name {
-    my ($self, $type, $cfield, $for) = @_;
-    $for ||= 'rw';
-    ($self->_canonicals_fields($type, $for) || {})->{$cfield}
+}
 …
     truncate($handle, 0);
     foreach my $line (@data) {
         print $handle join(':', map { defined($_) ? $_ : '' } @$line) . "\n";
+        print $handle join(':', map { my $f = $_; $f =~ s/:/;/g; $f } map { defined($_) ? $_ : '' } @$line) . "\n";
+    }
     close($handle);

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Unix/Group.pm

-                      r807
+                      r861
 =cut
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        sAMAccountName => {
+            iname => 'group_name',
+            ro => 1,
+        },
+        gidNumber => {
+            iname => 'gid',
+        },
+        memberUID => {
+            iname => 'user_list',
+            multiple => 1,
+            delayed => 1,
+        },
+    };
+}
 =head2 new(%options)
 …
         return bless($base->{groups}{$id}, $class);
     } else { return }
+}
-sub _delayed_fields {
-    my ($self)= @_;
-    return qw(memberUID);
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Unix/User.pm

-                      r806
+                      r861
 =cut
+sub _get_attr_schema {
+    my ($class, $base) = @_;
+    {
+        uidNumber       => { iname => 'uid', uniq => 1, },
+        gidNumber       => { iname => 'gid',
+            can_values => sub {
+                map { $_->get_attributes('gidNumber') }
+                map { $base->get_object('group', $_) }
+                $base->list_objects('group')
+            },
+            reference => 'group',
+            mandatory => 1,
+        },
+        gecos           => { },
+        homeDirectory   => { iname => 'home' },
+        loginShell      => { iname => 'shell' },
+        userPassword    => {
+            iname => ($base->{use_shadow} ? 'spassword' : 'password')
+        },
+        memberOf        => { delayed => 1, },
+        locked          => {},
+        givenName       => { ro => 1 },
+        sn              => { ro => 1 },
+        uid             => { iname => 'login', ro => 1 },
+        sAMAccountName  => { iname => 'login', ro => 1 },
+        $base->{use_shadow} ?
+        (
+            shadowLastChange => { iname => 'last_changed' },
+            shadowMin        => { iname => 'before_ch' },
+            shadowMax        => { iname => 'after_ch' },
+            shadowWarning    => { iname => 'exp_warn' },
+            shadowInactive   => { iname => 'exp_disable' },
+            shadowExpire     => { iname => 'disable' },
+            shadowFlag       => { iname => 'res' },
+        ) : (),
+    };
+}
 =head2 new(%options)
-Create a new LATMOS::Ad object for windows AD $domain.
-domain / server: either the Ad domain or directly the server
-ldap_args is an optionnal list of arguments to pass to L<Net::LDAP>.
 =cut
 …
         return bless($base->{users}{$id}, $class);
     } else { return }
+}
-sub _delayed_fields {
-    my ($self)= @_;
-    return qw(memberOf);
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Cli.pm

-                      r851
+                      r861
 use Term::ReadLine;
 use Text::ParseWords;
+use Getopt::Long;
+{
+    open (my $fh, "/dev/tty" )
+        or eval 'sub Term::ReadLine::findConsole { ("&STDIN", "&STDERR") }';
+    die $@ if $@;
+    close ($fh);
+}
 my $term = Term::ReadLine->new('LA CLI');
+$term->MinLine(99999);
 my $OUT = $term->OUT || \*STDOUT;
+my $trans_mode = 0;
 sub globalenv {
 …
             if ($arg eq 'yes') {
                 $env->base->unexported(1);
                 print $OUT "Unexported are now show";
+                print $OUT "Unexported are now show\n";
             } elsif ($arg eq 'no') {
                 $env->base->unexported(0);
                 print $OUT "Unexported are no longer show";
+                print $OUT "Unexported are no longer show\n";
             } elsif ($arg eq 'show') {
                 print $OUT "Unexported objects " . $env->base->unexported ?
                 "enable" : "disable";
+                print $OUT "Unexported objects " . ($env->base->unexported ?
+                "enable" : "disable") . "\n";
             } else {
                 print $OUT "wrong argument";
+                print $OUT "wrong argument\n";
+            }
         },
 …
                     print $OUT map { "$_\n" } $_[0]->base->list_objects($_[1]);
                 } else {
                     print $OUT "Object type missing";
+                    print $OUT "Object type missing\n";
+                }
             },
 …
                     $env->{_lastsearchtype} = $args[0];
                 } else {
                     print $OUT "Object type missing";
+                    print $OUT "Object type missing\n";
+                }
             },
 …
                         @ids = @{$env->{_lastsearch}};
                     } else {
                         print $OUT "No results store from previous search";
+                        print $OUT "No results store from previous search\n";
                         return;
+                    }
+                }
                 if (!@ids) {
                     print $OUT 'not enough arguments';
+                    print $OUT 'not enough arguments' . "\n";
                     return;
+                }
                 foreach (@ids) {
                     my $obj = $env->base->get_object($otype, $_) or do {
                         print $OUT "Cannot get $otype $_";
+                        print $OUT "Cannot get $otype $_\n";
                         return;
                     };
                     push(@objs, $obj);
+                }
                 print $OUT "Selecting $otype " . join(', ', @ids);
+                print $OUT "Selecting $otype " . join(', ', @ids) . "\n";
                 objenv($_[0]->base, $otype, @objs)->cli();
             },
         });
+    $env->add_func('create', {
+            code => sub {
+                my ($env, $otype) = @_;
+                my $helper = $env->base->ochelper($otype);
+                my $info = undef;
+                while (1) {
+                    my $status;
+                    ($status, $info) = $helper->step($info);
+                    if ($status ne 'NEEDINFO') {
+                        if ($status eq 'CREATED') {
+                            print $OUT "Object created\n";
+                            $env->commit;
+                        } else {
+                            print $OUT "Nothing done\n";
+                            $env->rollback;
+                        }
+                        return;
+                    }
+                    if ($info->{name}{ask}) {
+                        my $line = $term->readline("Name of the object ?");
+                        $info->{name}{content} = $line;
+                    }
+                    foreach my $attr (@{$info->{ask} || []}) {
+                        $term->Attribs->{completion_function} = sub {
+                            $info->{contents}{$attr}
+                        };
+                        my $line = $term->readline(sprintf('  %s %s? ',
+                                $attr,
+                                $info->{contents}{$attr}
+                                ? '(' . $info->{contents}{$attr} . ') '
+                                : ''
+                            ));
+                        $info->{contents}{$attr} = $line if($line);
+                    }
+                }
+            },
+        }
+    );
+    $env->add_func('exchangeip',
+        {
+            help => 'Exchange two IP on host',
+            code => sub {
+                my ($env, @args) = @_;
+                my ($ip1, $ip2) =
+                    grep { $_ && $_ =~ /\d+\.\d+\.\d+\.\d+/ } @args;
+                if (!$ip2) {
+                    print $OUT "Need two ip to exchange\n";
+                    return;
+                }
+                if ($env->base->nethost_exchange_ip($ip1, $ip2)) {
+                    print $OUT "$ip1 and $ip2 get exchange\n";
+                    $env->commit;
+                } else {
+                    $env->rollback;
+                }
+            },
+            completion => sub {
+                my ($env, $carg, @args) = @_;
+                if ($args[-1] && $args[-1] !~ m/\d+\.\d+\.\d+\.\d+/) {
+                    if (my $obj = $env->base->get_object('nethost', $args[-1])) {
+                        return $obj->get_attributes('ip');
+                    }
+                } else {
+                    my @list =
+                    ($env->base->attributes_summary('nethost', 'ip'),
+                        $env->base->list_objects('nethost'));
+                    return @list;
+                }
+            },
+        }
+    );
     $env->add_func('user',  { alias => [qw'select user' ] });
     $env->add_func('group', { alias => [qw'select group'] });
 …
     $objenv->{_otype} = $otype;
     $objenv->{_objects} = [ @objs ];
+    $objenv->add_func('+', {
+        help => 'add item to selection',
+        code => sub {
+            my ($env, @ids) = @_;
+            my %ids = map { $_->id => 1 } @{$env->{_objects}};
+            foreach (@ids) {
+                $ids{$_} and next;
+                my $o = $env->base->get_object($env->{_otype}, $_) or next;
+                push(@{$env->{_objects}}, $o);
+            }
+            printf $OUT "select is now %s: %s\n", $env->{_otype}, join(', ', map {
+                $_->id } @{$env->{_objects}});
+        },
+        completion => sub {
+            my ($env, undef, @ids) = @_;
+            my %ids = map { $_->id => 1 } @{$env->{_objects}};
+            return ( grep { ! $ids{$_} } $env->base->list_objects($env->{_otype}));
+        },
+        }
+    );
+    $objenv->add_func('-', {
+        help => 'add item to selection',
+        code => sub {
+            my ($env, @ids) = @_;
+            my %ids = map { $_ => 1 } @ids;
+            my @newobjs = grep { !$ids{$_->id} } @{$env->{_objects}};
+            if (!@newobjs) {
+                print $OUT "This would remove all objects from the list...\n";
+                return;
+            } else {
+                @{$env->{_objects}} = @newobjs;
+            }
+            printf $OUT "select is now %s: %s\n", $env->{_otype}, join(', ', map {
+                $_->id } @{$env->{_objects}});
+        },
+        completion => sub {
+            my ($env, undef, @ids) = @_;
+            my %ids = map { $_ => 1 } @ids;
+            grep { !$ids{$_} } map { $_->id } @{$env->{_objects}};
+        },
+        }
+    );
     $objenv->add_func('show', {
         help => 'show attributes - show an attributes of object',
 …
         code => sub {
             my ($env, $fmt) = @_;
+            if (!defined($fmt)) {
+                print $OUT "no format given";
+                return;
+            }
             foreach (@{$env->{_objects}}) {
                 print $OUT $_->queryformat($fmt) . "\n";
 …
             foreach (@{$env->{_objects}}) {
                 defined $_->set_c_fields($attr => undef) or do {
+                    print $OUT "cannot unset attributes $attr for " . $_->id;
+                    print $OUT "cannot unset attributes $attr for " . $_->id .
+                    "\n";
                     return;
                 };
+            }
             $env->base->commit;
             print $OUT "Changes applied";
+            $env->commit;
+            print $OUT "Changes applied\n";
         },
         completion => sub {
 …
             my ($env, $attr, @value) = @_;
             @value or do {
                 print $OUT "attribute and value must be specified";
+                print $OUT "attribute and value must be specified\n";
                 return;
             };
 …
                     \@value) or do {
                     $_->base->rollback;
                     printf $OUT "Cannot set $attr to %s for %s", join(', ',
+                    printf $OUT "Cannot set $attr to %s for %s\n", join(', ',
                         @value), $_->id;
                     return;
                 };
+            }
             $env->base->commit;
             print $OUT "done";
+            $env->commit;
+            print $OUT "Done.\n";
         },
         completion => sub {
 …
                 return $env->base->list_canonical_fields($env->{_otype}, 'w')
             } else {
+                if ($env->base->obj_attr_allowed_values($env->{_otype}, $args[0])) {
+                    return $env->base->obj_attr_allowed_values($env->{_otype}, $args[0])
+                }
+                for ($args[0]) {
+                    /^manager|managedBy$/ and return
+                        $env->base->search_objects('user');
+                    /^department$/ and return
+                        $env->base->search_objects('group', 'sutype=dpmt');
+                    /^contratType$/ and return
+                        $env->base->search_objects('group', 'sutype=contrattype');
+                    /^site$/ and return
+                        $env->base->search_objects('site');
+                    if (@{$env->{_objects}} == 1) {
+                        return $env->{_objects}[0]->get_attributes($args[0]);
+                    }
+                my $attr = $env->base->attribute($env->{_otype}, $args[0]);
+                if ($attr->has_values_list) {
+                    $attr->can_values;
+                } elsif (@{$env->{_objects}} == 1) {
+                    return
+                    $env->{_objects}[0]->get_attributes($args[0]);
+                }
+            }
+        },
+    });
+    $objenv->add_func('add', {
+        help => 'add a value to an attribute',
+        code => sub {
+            my ($env, $attr, @value) = @_;
+            @value or do {
+                print $OUT "attribute and value must be specified\n";
+                return;
+            };
+            foreach (@{$env->{_objects}}) {
+                my @attrv = grep { $_ } $_->get_attributes($attr);
+                defined $_->set_c_fields($attr => [ @attrv, @value ]) or do {
+                    $_->rollback;
+                    printf $OUT "Cannot set $attr to %s for %s\n", join(', ',
+                        @value), $_->id;
+                    return;
+                };
+            }
+            $env->commit;
+            print $OUT "done\n";
+        },
+        completion => sub {
+            my ($env, $lastw, @args) = @_;
+            if (!$args[0]) {
+                return grep {
+                    $env->base->attribute($env->{_otype}, $_)->{multiple}
+                } $env->base->list_canonical_fields($env->{_otype}, 'w')
+            } else {
+                my $attr = $env->base->attribute($env->{_otype}, $args[0]);
+                if ($attr->has_values_list) {
+                    $attr->can_values;
+                } elsif (@{$env->{_objects}} == 1) {
+                    return
+                    $env->{_objects}[0]->get_attributes($args[0]);
+                }
+            }
+        },
+    });
+    $objenv->add_func('remove', {
+        help => 'remove a value from an attribute',
+        code => sub {
+            my ($env, $attr, @value) = @_;
+            @value or do {
+                print $OUT "attribute and value must be specified\n";
+                return;
+            };
+            foreach (@{$env->{_objects}}) {
+                my @attrv = grep { $_ } $_->get_attributes($attr);
+                foreach my $r (@value) {
+                    @attrv = grep { $_ ne $r } @attrv;
+                }
+                defined $_->set_c_fields($attr => @attrv ? [ @attrv ] : undef) or do {
+                    $_->rollback;
+                    printf $OUT "Cannot set $attr to %s for %s\n", join(', ',
+                        @value), $_->id;
+                    return;
+                };
+            }
+            $env->commit;
+            print $OUT "done\n";
+        },
+        completion => sub {
+            my ($env, $lastw, @args) = @_;
+            if (!$args[0]) {
+                return grep {
+                    $env->base->attribute($env->{_otype}, $_)->{multiple}
+                } $env->base->list_canonical_fields($env->{_otype}, 'w')
+            } else {
+                my $attr = $env->base->attribute($env->{_otype}, $args[0]);
+                if (@{$env->{_objects}} == 1) {
+                    return
+                    $env->{_objects}[0]->get_attributes($args[0]);
+                }
+            }
 …
         help => 'list current selected objects',
         code => sub {
             printf $OUT "%s: %s", $_[0]->{_otype}, join(', ', map { $_->id }
+            printf $OUT "%s: %s\n", $_[0]->{_otype}, join(', ', map { $_->id }
             @{$_[0]->{_objects}});
+        }
 …
                 if ($id) {
                     $obj = grep { $_->id = $id } @{$env->{_objects}} or do {
                         print $OUT "$id is not part of selected objects";
+                        print $OUT "$id is not part of selected objects\n";
                         return;
                     };
 …
                 } else {
                     print $OUT "multiple objects selected but can edit only one,"
                     . "please specify which one";
+                    . "please specify which one\n";
                     return;
+                }
 …
                         my $res = $obj->set_c_fields(%attr);
                         if ($res) {
                             print $OUT "Changes applied";
                             $env->base->commit;
+                            print $OUT "Changes applied\n";
+                            $env->commit;
+                        }
                         else { print $OUT "Error applying changes" }
+                        else { print $OUT "Error applying changes\n" }
                         return $res ? 1 : 0;
+                    }
 …
         code => sub {
             my ($env) = @_;
             printf $OUT "%s: %s\ndelete selected objects ? (yes/NO) ",
+            printf $OUT "%s: %s\ndelete selected objects ? (yes/NO)\n",
             $env->{_otype}, join(', ', map { $_->id } @{$env->{_objects}});
             my $reply = <STDIN> || ''; chomp($reply);
 …
                 foreach (@{$env->{_objects}}) {
                     $env->base->delete_object($env->{_otype}, $_->id) or do {
                         print $OUT "Cannot delete " . $_->id;
+                        print $OUT "Cannot delete " . $_->id . "\n";
                         return;
                     };
+                }
                 $env->base->commit;
+                $env->commit;
                 return "EXIT";
             } else {
+                print $OUT "cancel !"
+            }
+        },
+    });
+                print $OUT "cancel !\n"
+            }
+        },
+    });
+    if (grep { $objenv->base->attribute($otype, $_)->reference }
+        $objenv->base->list_canonical_fields($otype, 'r')) {
+        $objenv->add_func('select', {
+            help => 'select attribute [object]',
+            code => sub {
+                my ($env, $attrname, @objects) = @_;
+                my $totype = $env->base->attribute($env->{_otype},
+                    $attrname)->reference or return;
+                if (! @objects) {
+                    @objects = grep { $_ }
+                      map { $_->get_attributes($attrname) } @{$env->{_objects}};
+                }
+                {
+                    my %uniq = map { $_ => 1 } @objects;
+                    @objects = keys %uniq;
+                }
+                my @objs = (grep { $_ } map { $env->base->get_object($totype, $_) }
+                        @objects);
+                return if (!@objs);
+                print $OUT "Selecting $otype " . join(', ', map { $_->id } @objs) . "\n";
+                objenv($_[0]->base, $totype, @objs)->cli();
+            },
+            completion => sub {
+                if ($_[2]) {
+                    my $totype = $_[0]->base->attribute($_[0]->{_otype},
+                        $_[2])->reference or return;
+                    return grep { $_ }
+                           map { $_->get_attributes($_[2]) }
+                           @{$_[0]->{_objects}};
+                } else {
+                    return grep { $_[0]->base->attribute($otype, $_)->reference }
+                    $_[0]->base->list_canonical_fields($otype, 'r');
+                }
+            },
+            }
+        );
+    }
     if (lc($otype) eq 'user') {
 …
                             my $gobj = $env->base->get_object('group', $gid) or
                             do {
                                 print $OUT "Cannot find group $gid";
+                                print $OUT "Cannot find group $gid\n";
                                 return;
                             };
 …
                             delete($gr{$_}) foreach(@groups);
                         } else {
                             print $OUT 'invalid action';
+                            print $OUT 'invalid action' . "\n";
                             return;
+                        }
                         defined $obj->set_c_fields('memberOf' => [ keys %gr ]) or do {
                             print $OUT "cannot set memberOf attributes for " .
                             $obj->id;
+                            $obj->id . "\n";
                             return;
                         };
+                    }
+                }
                 $env->base->commit;
+                $env->commit;
             },
             completion => sub {
 …
                     return (qw(add remove primary));
                 } else {
+                    return $_[0]->base->search_objects('group');
+                    if ($_[2] eq 'remove') {
+                        my %uniq = map { $_ => 1 }
+                            grep { $_ }
+                            map { $_->get_attributes('memberOf') }
+                            @{$_[0]->{_objects}};
+                        return sort keys %uniq;
+                    } else {
+                        return $_[0]->base->search_objects('group');
+                    }
+                }
             },
 …
                         delete($gr{$_}) foreach(@groups);
                     } else {
                         print $OUT 'invalid action';
+                        print $OUT 'invalid action' . "\n";
                         return;
+                    }
                     defined $obj->set_c_fields('memberUID' => [ keys %gr ]) or do {
                         print $OUT "cannot set memberUID attributes for " .
                         $obj->id;
+                        $obj->id . "\n";
                         return;
                     };
+                }
                 $env->base->commit;
+                $env->commit;
             },
             completion => sub {
 …
                     return (qw(add remove));
                 } else {
+                    return $_[0]->base->search_objects('user');
+                    if ($_[2] eq 'remove') {
+                        my %uniq = map { $_ => 1 }
+                            grep { $_ }
+                            map { $_->get_attributes('member') }
+                            @{$_[0]->{_objects}};
+                        return sort keys %uniq;
+                    } else {
+                        return $_[0]->base->search_objects('user');
+                    }
+                }
             },
 …
     bless($env, $class);
     $env->{_labase} = $labase;
+    if ($labase->is_transactionnal) {
+        $env->add_func(
+            'transaction', {
+                help => 'change transaction mode',
+                code => sub {
+                    $trans_mode = $_[1] eq 'on' ? 1 : 0;
+                },
+                completion => sub {
+                    $trans_mode == 0 ? 'on' : 'off';
+                },
+            }
+        );
+        $env->add_func(
+            'commit', {
+                help => 'commit pending change',
+                code => sub {
+                    $_[0]->_commit;
+                },
+            }
+        );
+        $env->add_func(
+            'rollback', {
+                help => 'commit pending change',
+                code => sub {
+                    $_[0]->_rollback;
+                },
+            }
+        );
+    }
     $env->add_func('quit', { help => 'quit - exit the tool',
             code => sub { print "\n"; exit(0) }, });
 …
             my ($self, $name) = @_;
             if (!$name) {
                 print $OUT join(', ', sort keys %{ $self->{funcs} || {}});
+                print $OUT join(', ', sort keys %{ $self->{funcs} || {}}) . "\n";
             } elsif ($self->{funcs}{$name}{alias}) {
                 print $OUT "$name is an alias for " . join(' ',
                     @{$self->{funcs}{$name}{alias}});
+                    @{$self->{funcs}{$name}{alias}}) . "\n";
             } elsif ($self->{funcs}{$name}{help}) {
                 print $OUT $self->{funcs}{$name}{help};
+                print $OUT $self->{funcs}{$name}{help} . "\n";
             } else {
                 print $OUT "No help availlable";
+                print $OUT "No help availlable\n";
+            }
         },
 …
             $self->complete($_[0], shellwords(substr($_[1], 0, $_[2])));
         };
+        defined (my $line = $term->readline($self->prompt)) or return;
+        defined (my $line = $term->readline($self->prompt)) or do {
+            print $OUT "\n";
+            return;
+        };
+        $term->addhistory($line);
         my $res = $self->run(shellwords($line));
         $self->base->rollback;
         if ($res && $res eq 'EXIT') { return }
+        $self->rollback if (!$trans_mode);
+        if ($res && $res eq 'EXIT') { print $OUT "\n"; return }
+    }
+}
 …
+}
+sub getoption {
+    my ($self, $opt, @args) = @_;
+    local @ARGV = @args;
+    Getopt::Long::Configure("pass_through");
+    GetOptions(%{ $opt });
+    return @ARGV;
+}
 sub parse_arg {
     my ($self, $name, @args) = @_;
+    if ($self->{funcs}{$name}{opt}) {
+        @ARGV = @args;
+    } else {
+        return @args;
+    }
+    return @ARGV;
+    return @args;
+}
 …
     my ($self, $name, @args) = @_;
     return if (!$name);
+    if ($self->{funcs}{$name}{alias}) {
+    if (!exists($self->{funcs}{$name})) {
+        print $OUT "No command $name found\n";
+    } elsif ($self->{funcs}{$name}{alias}) {
         $self->run(@{$self->{funcs}{$name}{alias}}, @args);
     } elsif ($self->{funcs}{$name}{code}) {
         my @pargs = $self->parse_arg($name, @args);
         $self->{funcs}{$name}{code}->($self, @args);
+    } else {
+        print $OUT "No command $name found\n";
+    }
+}
+sub commit {
+    my ($self) = @_;
+    if ($trans_mode) {
+    } else {
+        $self->_commit;
+    }
+}
+sub _commit {
+    my ($self) = @_;
+    $self->base->commit;
+}
+sub rollback {
+    my ($self) = @_;
+    if ($trans_mode) {
+        print $OUT "All pending changes get rollback\n";
+    }
+    $self->_rollback;
+}
+sub _rollback {
+    my ($self) = @_;
+    $self->base->rollback;
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Log.pm

-                      r476
+                      r861
 use Sys::Syslog qw(:standard :macros);
 use Exporter ();
+use Mail::Sendmail;
 =head1 NAME
 …
     console => LA_NOTICE,
     callback => undef,
+    mail => undef,
 );
+my @maillog = ();
 =head1 FUNCTIONS
 …
 sub lastmessage {
     my ($level) = @_;
     return $lastmessages{$level};
+    return $lastmessages{$level || LA_ERROR};
+}
 …
         $log_method{callback}->($level, $msg, @args);
+    }
+    if ($log_method{mail}) {
+        # store error to send it later, only ERROR
+        push(@maillog, sprintf($msg, @args)) if ($level <= LA_ERROR);
+    }
 ;
+}
+sub _flush_mail {
+    @maillog = ();
+}
+sub _send_mail_log {
+    @maillog or return;
+    sendmail(
+        Subject => "LATMOS::Accounts error from $0",
+        To => $log_method{mail},
+        From => 'LATMOS-Accounts@latmos.ipsl.fr',
+        Message => join("\n", @maillog),
+    ) or la_log(LA_ERR, "Cannot sent mail: " . $Mail::Sendmail::error);
+    _flush_mail();
+}
+END {
+    _send_mail_log() if($log_method{mail});
+}
 ;

LATMOS-Accounts/lib/LATMOS/Accounts/Maintenance.pm

-                      r850
+                      r861
 use LATMOS::Accounts::Log;
 use FindBin qw($Bin);
-use Crypt::RSA;
-use Crypt::RSA::Key::Public::SSH;
-use Crypt::RSA::Key::Private::SSH;
-use MIME::Base64;
 sub _base {
     my ($self) = @_;
+    return $self->{_maintenance_base} if ($self->{_maintenance_base});
     my $base = $self->SUPER::default_base;
     $base->type eq 'sql' or die "This module work only with SQL base type\n";
     $base
+    return $self->{_maintenance_base} = $base
+}
 sub find_next_expire_users {
     # Do not replace this code by $base->find_next_expire_users
     # it does not exctly the same thing
+    # it does not exactly the same thing
     my ($self, $expire) = @_;
     my $base = $self->_base;
 …
+}
+sub expired_account_reminder {
+    my ($self, %options) = @_;
+    $options{delay} ||= '6 month';
+    require Mail::Sendmail;
+    require Template;
+    my $template = Template->new(
+        INCLUDE_PATH => [
+            ($self->val('_default_', 'templatespath')
+               ? $self->val('_default_', 'templatespath') . '/mail'
+               : ()),
+            "$FindBin::Bin/../templates" . '/mail',
+            '/usr/share/latmos-accounts/templates/mail',
+        ],
+        POST_CHOMP   => 1,
+        EXTENSION    => '.mail',
+    );
+    my @users = $self->_base->find_expired_users($options{delay});
+    my %managers;
+    foreach my $user (@users) {
+        my $uobj = $self->_base->get_object('user', $user);
+        $uobj->get_attributes('unexported') and next; # can't happend
+        my $manager = $uobj->get_attributes('managerContact') || 'N/A';
+        push(@{$managers{$manager}{users}}, $uobj);
+    }
+    foreach (keys %managers) {
+        my $oman = $self->_base->get_object('user', $_) or next; # can't happend
+        $managers{$_}{manager} = $oman;
+        my $mail = $oman->get_attributes('mail') or next;
+        my %mail = (
+            From => $self->val('_default_', 'mailFrom', 'nomail@localhost'),
+            Subject => 'LATMOS expired account',
+            smtp => $self->val('_default_', 'smtp'),
+            'Content-Type' => 'text/plain; charset=utf-8',
+            'X-LATMOS-Accounts' => '$Rev$',
+            'X-LATMOS-Reason' => 'Account expiration',
+        );
+        $mail{to} = $options{to} || $mail;
+        my $message;
+        $template->process('account_expired_reminder.mail', $managers{$oman->id}, \$message)
+            or do {
+                la_log(LA_ERR, "Cannot send expiration mail: %s, exiting",
+                    $template->error());
+                exit(1);
+            };
+        if (!$options{test}) {
+            if (Mail::Sendmail::sendmail(
+                    %mail,
+                    Message => $message,
+                )) {
+                la_log(LA_NOTICE,
+                    "Expired account reminder mail for %s sent to %s (cc: %s) for %s",
+                    $oman->id,
+                    $mail{to},
+                    ($mail{cc} || ''),
+                    join(', ', map { $_->id } @{$managers{$oman->id}{users}})
+                );
+            } else {
+                la_log(LA_ERR, "Cannot send mail: %s", $Mail::Sendmail::error);
+            }
+        }
+    }
+    my @summary;
+    foreach my $manager (sort keys %managers) {
+        push(@summary, "\n" . (
+            $managers{$manager}{manager}
+                ? $managers{$manager}{manager}->get_attributes('displayName')
+                : $manager) . "\n");
+        foreach (@{$managers{$manager}{users}}) {
+            push(@summary, sprintf("  %s - %s (%s)\n",
+                $_->id,
+                $_->get_attributes('displayName'),
+                $_->get_attributes('expireText'),
+            ));
+        }
+    }
+    if (@summary) {
+        if ($options{test}) {
+            print join('', @summary);
+        } else {
+            if ($self->val('_default_', 'expire_summary_to')) {
+                my %mail = (
+                    From => $self->val('_default_', 'mailFrom', 'nomail@localhost'),
+                    Subject => 'LATMOS expired account (to disable)',
+                    smtp => $self->val('_default_', 'smtp'),
+                    'Content-Type' => 'text/plain; charset=utf-8',
+                    'X-LATMOS-Accounts' => '$Rev$',
+                    'X-LATMOS-Reason' => 'Account expiration',
+                    To => $self->val('_default_', 'expire_summary_to'),
+                );
+                if (Mail::Sendmail::sendmail(
+                        %mail,
+                        Message => join('', @summary),
+                    )) {
+                    la_log(LA_NOTICE, "Expiration summary mail sent to %s",
+                        $self->val('_default_', 'expire_summary_to'),
+                    );
+                } else {
+                    la_log(LA_ERR, "Cannot send mail: %s", $Mail::Sendmail::error);
+                }
+            }
+        }
+    }
+}
 sub generate_rsa_key {
+    # compat functions
     my ($self, $password) = @_;
+    my $rsa = new Crypt::RSA ES => 'PKCS1v15';
+    my ($public, $private) = $rsa->keygen (
+        Identity  => 'LATMOS-Accounts',
+        Size      => 768,
+        Password  => $password,
+        Verbosity => 0,
+        KF=>'SSH',
+    ) or die
+    $self->rsa->errstr(); # TODO avoid die
+    return ($public, $private);
+}
+    $self->_base->generate_rsa_key($password);
+}
 sub store_rsa_key {
+    # compat functions
     my ($self, $public, $private) = @_;
+    my $base = $self->_base;
+    $base->set_global_value('rsa_private_key',
+        encode_base64($private->serialize));
+    $base->set_global_value('rsa_public_key',
+        $public->serialize);
+    return;
+    $self->_base->store_rsa_key($public, $private);
+}
 sub private_key {
+    # compat functions
     my ($self, $password) = @_;
+    my $base = $self->_base;
+    my $serialize = $base->get_global_value('rsa_private_key') or return;
+    my $privkey = Crypt::RSA::Key::Private::SSH->new;
+    $privkey->deserialize(String => [ decode_base64($serialize) ],
+        Passphrase => $password);
+    $privkey
+    $self->_base->private_key($password);
+}
 sub get_rsa_password {
+    # compat functions
     my ($self) = @_;
+    my $base = $self->_base;
+    my $sth = $base->db->prepare(q{
+        select "name", value from "user" join user_attributes_base
+        on "user".ikey = user_attributes_base.okey
+        where user_attributes_base.attr = 'encryptedPassword'
+    });
+    $sth->execute;
+    my %users;
+    while (my $res = $sth->fetchrow_hashref) {
+        $users{$res->{name}} = $res->{value};
+    }
+    %users
+    $self->_base->get_rsa_password;
+}

LATMOS-Accounts/lib/LATMOS/Accounts/SynchAccess/base.pm

r715	r861
24	24	my ($class, $bases) = @_;
25	25	bless {
26		bases => [ @{ $bases} ],
	26	bases => [ @{ $bases } ],
27	27	}, $class;
28	28	}

LATMOS-Accounts/lib/LATMOS/Accounts/Synchro.pm

-                      r819
+                      r861
     $self->load_dest and return;
     my %state = ();
+    $state{$self->from->label} = $self->from->wexported(0);
+    $state{$self->from->label} = $self->from->wexported(
+        $self->{options}{unexported} ? 1 : 0
+    );
     foreach ($self->to) {
         $state{$_->label} = $_->wexported(1);
 …
     la_log(LA_DEBUG, "Leaving synch mode");
     $self->from->wexported($state{$self->from->label});
     foreach ($self->to) {
         $_->commit;
         $_->wexported($state{$_->label});
+    foreach my $base (grep { $_ } $self->to) {
+        $base->commit;
+        $base->wexported($state{$base->label});
+    }
+}
 …
     $self->lock or return;
+    if (!(my $res = $self->run_pre_synchro({}))) {
+        la_log(LA_ERR, "Pre synchro script failed, aborting");
+        $self->unlock;
+        return;
+    }
     my %state = $self->enter_synch_mode;
 …
                             $self->from->label, $otype, $_, $destbase->label, $res,
                         );
+                        if ($destbase->is_transactionnal) {
+                            $destbase->commit;
+                        }
                         $updated = 1;
+                    } else {
+                        if ($destbase->is_transactionnal) {
+                            $destbase->rollback;
+                        }
+                    }
+                }
 …
+        }
         foreach my $pass (1, 0) {
+            foreach my $otype (
+                sort { $a eq 'user' ? 1 : -1 } # user in last because gidNumber needed
+                keys %objlist) {
+                next if (!$pass && !$destbase->delayed_fields($otype));
+            foreach my $otype ($destbase->ordered_objects) {
+                exists($objlist{$otype}) or next;
                 foreach (@{$objlist{$otype} || []}) {
                     my $res = $destbase->sync_object_from($self->from, $otype, $_,
 …
                                 $destbase->label, $res,
                             );
+                            if ($destbase->is_transactionnal) {
+                                $destbase->commit;
+                            }
                             $updated = 1;
+                        }
 …
                         );
                         $desterror{$destbase->label} = 1;
+                        if ($destbase->is_transactionnal) {
+                            $destbase->rollback;
+                        }
+                    }
 …
     my $res = $self->run_post_synchro(
+        {
             UPDATED => $updated,
+            UPDATED => $updated || undef,
+        }
     );
 …
+}
+sub run_pre_synchro {
+    my ($self, $env) = @_;
+    $env ||= {};
+    $env->{HOOK_TYPE} = 'PRE';
+    foreach my $base ($self->to) {
+        if ($base->options('presynchro')) {
+            la_log LA_DEBUG, "Executing base pre synchro `%s' for %s",
+                $base->options('presynchro'), $base->label;
+            exec_command(
+                $base->options('presynchro'),
+                {
+                    BASE => $base->label,
+                    BASETYPE => $base->type,
+                    %{ $env },
+                }
+            );
+        }
+    }
+    $self->{options}{pre} or return 1;
+    la_log(LA_DEBUG, "Running post synchro `%s'", $self->{options}{pre});
+    exec_command($self->{options}{post}, $env);
+}
 sub run_post_synchro {
     my ($self, $env) = @_;
+    $env ||= {};
+    $env->{HOOK_TYPE} = 'PRE';
+    foreach my $base ($self->to) {
+        if ($base->options('postsynchro')) {
+            la_log LA_DEBUG, "Executing base post synchro `%s' for %s",
+                $base->options('postsynchro'), $base->label;
+            exec_command(
+                $base->options('postsynchro'),
+                {
+                    BASE => $base->label,
+                    BASETYPE => $base->type,
+                    %{ $env },
+                }
+            );
+        }
+    }
     $self->{options}{post} or return 1;
     la_log(LA_INFO, "Running post synchro `%s'", $self->{options}{post});
+    la_log(LA_DEBUG, "Running post synchro `%s'", $self->{options}{post});
     exec_command($self->{options}{post}, $env);
+}

LATMOS-Accounts/lib/LATMOS/Accounts/Utils.pm

-                      r818
+                      r861
 @ISA = qw(Exporter);
 @EXPORT = qw(to_ascii exec_command);
 @EXPORT_OK = qw(to_ascii exec_command);
+@EXPORT = qw(to_ascii exec_command switch_user run_via_sudo);
+@EXPORT_OK = qw(to_ascii exec_command switch_user run_via_sudo);
 sub to_ascii {
 …
     $text =~ s/Å/oe/g;
     $text =~ s/ÃŠ/ae/g;
     $text =~ tr {uÃ Ã¢Ã€ÃÃÃÃ§Ã©ÃšÃªÃ«ÃÃÃÃÃ¯Ã®ÃÃÃžÃ¶ÃŽÃÃÃŒÃ»ÃÃ}
                 {uaaaAAAceeeeEEEEiiIIoooOOuuUU};
+    $text =~ tr {uÃ Ã¢Ã€ÃÃÃÃ§Ã©ÃšÃªÃ«ÃÃÃÃÃ¯Ã®ÃÃÃžÃ¶ÃŽÃÃÃŒÃ»ÃÃÄ}
+                {uaaaAAAceeeeEEEEiiIIoooOOuuUUc};
     $text =~ s/([^[:ascii:]])/_/g;
     $text
 …
 sub exec_command {
     my ($command, $env) = @_;
+    my $rout = undef;
+    $rout = \$_[2] if(@_ > 2);
     my @exec = ref $command
 …
     la_log(LA_DEBUG, 'running command `%s\'', join(' ', @exec));
+    pipe(my $rh, my $wh);
     my $pid = fork;
     if (!defined($pid)) {
 …
     } elsif ($pid) {
         # Father
+        close($wh);
+        my $header;
+        while (<$rh>) {
+            if ($rout) {
+                $$rout .= $_;
+            } else {
+                chomp;
+                if (!$header) {
+                    $header = 1;
+                    la_log(LA_NOTICE, "exec `%s'", join(' ', @exec));
+                }
+                la_log(LA_NOTICE, "output: %s", $_);
+            }
+        }
         waitpid($pid, 0);
         if (my $exitstatus = $?) {
 …
     } else {
         # Child
+        close($rh);
+        ( $ENV{LA_MODULE} ) = caller();
         foreach (keys %{ $env || {} }) {
             $ENV{"LA_$_"} = $env->{$_};
+        }
+        open(STDOUT, ">&=" . fileno($wh));
+        open(STDERR, ">&=" . fileno($wh));
         exec(@exec);
         exit($!);
 …
+            }
         } else {
+            $attributes{$attr} = $value || undef;
+            $attr eq 'exported' && !defined $attributes{$attr} and $attributes{$attr} = 1;
+            $attributes{$attr} = $value eq '' ? undef : $value;
+            # Don't remember why this is here
+            #$attr eq 'exported' && !defined $attributes{$attr} and $attributes{$attr} = 1;
+        }
+    }
 …
         if ($name !~ /^[a-z]/);
     return "must contain only a-z,0-9"
         if ($name !~ /^[a-z,0-9]+$/);
+        if ($name !~ /^[a-z,0-9,_,-]+$/);
     return check_oid_validity($name);
+}
+sub switch_user {
+    my ($runas) = @_;
+    if ($< == 0 || $> == 0) {
+        my @info = getpwnam($runas) or do {
+            warn "Can find user $runas";
+            return;
+        };
+        $> = $info[3];
+        return;
+    } else {
+        warn "we are not root";
+    }
+}
+sub run_via_sudo {
+    my ($runas) = @_;
+    my @info = getpwnam($runas) or do {
+        warn "Can find user $runas";
+        return;
+    };
+    if ($< != $info[3]) {
+        exec('sudo', '-u', $runas, $0, @ARGV) or "Can run $!";
+    }
+}
 ;

LATMOS-Accounts/t/10_bases.t

r679	r861
20	20	[qw(username homeDirectory) ],
21	21	), "Can get canonicals fields");
22		is( $dummyb->~~get_field_name('user', 'homeDirectory')~~, "home", "can call get_fields_name");
	22	is( $dummyb->attribute('user', 'homeDirectory')->iname, "home", "can call get_fields_name");
23	23	ok(!$dummyb->is_transactionnal, 'Dummy driver is not transactionnal');
24	24

LATMOS-Accounts/t/11_bases_unix.t

r715	r861
27	27	ok($unixb->load, "Can load unix base");
28	28
29		is( $unixb->~~get_field_name('user', 'homeDirectory')~~, "home", "can call get_fields_name");
	29	is( $unixb->attribute('user', 'homeDirectory')->iname, "home", "can call get_fields_name");
30	30
31	31	ok(my $user = $unixb->get_object('user', 'root'), "Can get root user");

LATMOS-Accounts/t/12_bases_sql.t

-                      r445
+                      r861
 use strict;
 use warnings;
 use Test::More tests => 10;
+use Test::More tests => 12;
 use_ok('LATMOS::Accounts::Bases');
 …
 use_ok('LATMOS::Accounts::Bases::Sql::Address');
 use_ok('LATMOS::Accounts::Bases::Sql::Onlyaddress');
+use_ok('LATMOS::Accounts::Bases::Sql::Accreq');
+use_ok('LATMOS::Accounts::Bases::Sql::OCHelper::Accreq');

LATMOS-Accounts/t/15_bases_mail.t

r305	r861
26	26	ok($mailb->load, "Can load mail base");
27	27
28		is( $mailb->~~get_field_name('aliases', 'forward')~~, "forward", "can call get_field_name");
	28	is( $mailb->attribute('aliases', 'forward')->iname, "forward", "can call get_field_name");
29	29
30	30	ok(my $alias = $mailb->get_object('aliases', 'name'), "Can get root user");

LATMOS-Accounts/t/20_accounts.t

r410	r861
8	8
9	9	isa_ok(
10		my $accounts = LATMOS::Accounts->new('testdata/config'),
	10	my $accounts = LATMOS::Accounts->new('testdata/configdir'),
11	11	'LATMOS::Accounts'
12	12	);

LATMOS-Accounts/t/22_accounts_attributes.t

-                      r852
+                      r861
 isa_ok(
     my $accounts = LATMOS::Accounts->new('testdata/config'),
+    my $accounts = LATMOS::Accounts->new('testdata/configdir'),
     'LATMOS::Accounts'
 );
 …
 ok(my $base = $accounts->base('unix'), "Can get base");
 my $attr = LATMOS::Accounts::Bases::Attributes->new('sn', $base, 'user');
+my $attr = LATMOS::Accounts::Bases::Attributes->new('memberUID', $base, 'group');

LATMOS-Accounts/t/25_la_synchro.t

-                      r54
+                      r861
+}
 ok($config->WriteConfig("$workdir/config.ini"), "can write config file for test");
+ok($config->WriteConfig("$workdir/latmos-accounts.ini"), "can write config file for test");
 diag("Write test done in $workdir/");
 isa_ok(
     my $accounts = LATMOS::Accounts->new("$workdir/config.ini"),
+    my $accounts = LATMOS::Accounts->new($workdir),
     'LATMOS::Accounts'
 );

LATMOS-Accounts/t/26_la_synchaccess.t

-                      r56
+                      r861
+}
 ok($config->WriteConfig("$workdir/config.ini"), "can write config file for test");
+ok($config->WriteConfig("$workdir/latmos-accounts.ini"), "can write config file for test");
 diag("Write test done in $workdir/");
 isa_ok(
     my $accounts = LATMOS::Accounts->new("$workdir/config.ini"),
+    my $accounts = LATMOS::Accounts->new($workdir),
     'LATMOS::Accounts'
 );

LATMOS-Accounts/templates/mail/account_expire.mail

-                      r786
+                      r861
 sauf erreur ou ommission de notre part votre compte [% obj.id %] expire
 dans [% delay %] jours ([% obj.get_c_field('expire') %]).
 En aucun cas vos fichiers ne seront dÃ©truit
+En aucun cas vos fichiers ne seront dÃ©truits.
 Si ce dernier devais Ãªtre prolongÃ©  merci de dire Ã  votre responsable
+Si ce dernier devait Ãªtre prolongÃ©, merci de dire Ã  votre responsable
 de contacter svp@latmos.ipsl.fr afin de nous donner la nouvelle date.
 …
 If it had to be extended, please ask your manager to contact
 svp@latmos.ipsl.fr to give us with the new date of expiry.
+svp@latmos.ipsl.fr to give us the new date of expiry.
 Best regards.

Context Navigation

Legend:

Download in other formats: