From df3fb3b9ac4476424c0f4975156e8aa157b061b0 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 6 Jun 2006 23:44:50 +0000
Subject: [PATCH] rewrite of the accounts classes: - new cleaner AND documented interfaces - old interfaces are still availible, but depricated - LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema - LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros) - password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
---
 setup/admin_account.php | 3 +--
 setup/inc/class.setup.inc.php | 32 ++++++++++++++++++++++++++++----
 setup/ldapexport.php | 17 +++++++++++++++++
 3 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/setup/admin_account.php b/setup/admin_account.php
index 7f605b0e9f..b1b20ae0cf 100644
--- a/setup/admin_account.php
+++ b/setup/admin_account.php
@@ -192,8 +192,7 @@
 $GLOBALS['egw_setup']->db->transaction_abort();
 exit;
 }
- $GLOBALS['egw_setup']->add_acl('phpgw_group',$admingroupid,$accountid);
- $GLOBALS['egw_setup']->add_acl('phpgw_group',$defaultgroupid,$accountid);
+ $GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid);
 $GLOBALS['egw_setup']->db->transaction_commit();
diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php
index 071d286050..8442db5c8d 100644
--- a/setup/inc/class.setup.inc.php
+++ b/setup/inc/class.setup.inc.php
@@ -905,7 +905,7 @@
 if(!($accountid = $GLOBALS['egw']->accounts->name2id($username)))
 {
- $accountid = $accountid ? $accountid : $GLOBALS['egw']->accounts->create(array(
+ if (!($accountid = $GLOBALS['egw']->accounts->create(array(
 'account_type' => $group ? 'u' : 'g',
 'account_lid' => $username,
 'account_passwd' => $passwd,
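Review bot: The result of `set_memberships()` is discarded in setup/admin_account.php and the next statement is `transaction_commit()`, so a failed membership write would leave a committed admin account that belongs to neither `$admingroupid` nor `$defaultgroupid`. The commit message says the LDAP backend now keeps memberships in LDAP, where the database transaction offers no rollback, so this matters more than it did for the old `add_acl()` pair. If the backend reports failure through its return value (not visible in this diff), reuse the abort path shown just above: `if (!$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid)) { $GLOBALS['egw_setup']->db->transaction_abort(); exit; }`. The same unchecked call is added to add_account() in setup/inc/class.setup.inc.php; the surrounding block here starts and ends outside the hunk.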
@@ -915,18 +915,40 @@
 'account_primary_group' => $groupid,
 'account_expires' => -1,
 'account_email' => $email,
- ));
+ ))))
+ {
+ return false;
+ }
+ $memberships = array();
+ }
+ else
+ {
+ $memberships = $GLOBALS['egw']->accounts->memberships($accountid);
 }
- $accountid = (int)$accountid;
 if($groupid)
 {
- $this->add_acl('phpgw_group',(int)$groupid,$accountid);
+ $memberships[] = $groupid;
+
+ $GLOBALS['egw']->accounts->set_memberships($memberships,$accountid);
 }
 $this->add_acl('preferences','changepassword',$accountid,(int)$changepw);
 return $accountid;
 }
+ /**
+ * Set the memberships of an account
+ *
+ * @param array $groups array of group-id's
+ * @param int $user account_id
+ */
+ function set_memberships($groups,$user)
+ {
+ $this->setup_account_object();
+
+ return $GLOBALS['egw']->accounts->set_memberships($groups,$user);
+ }
+
 /**
 * Check if accounts other then the automatically installed anonymous account exist
 *
@@ -962,6 +984,8 @@
 /**
 * Add ACL rights
 *
+ * Dont use it to set group-membership, use set_memberships instead!
+ *
 * @param $app string/array with app-names
 * @param $locations string eg. run
 * @param $account int/string accountid or account_lid
diff --git a/setup/ldapexport.php b/setup/ldapexport.php
index b7ac99436b..7ec31628d0 100644
--- a/setup/ldapexport.php
+++ b/setup/ldapexport.php
@@ -51,6 +51,21 @@
 'T_alert_msg' => 'msg_alert_msg.tpl'
 ));
+ function hash_sql2ldap($hash)
+ {
+ switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
+ {
+ case '': // not set sql_encryption_type
+ case 'md5':
+ $hash = '{md5}' . base64_encode(pack("H*",$hash));
+ break;
+ case 'crypt':
+ $hash = '{crypt}' . $hash;
+ break;
+ }
+ return $hash;
+ }
+
 $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
 "config_name LIKE 'ldap%'",
 ),__LINE__,__FILE__);
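Review bot: In the `if($groupid)` branch of add_account(), the list passed to `set_memberships()` is built by appending to whatever `accounts->memberships($accountid)` returned, with no check on its shape. If that call can return false or anything other than a plain list of group ids for an existing account (its contract is not visible in this diff), `$memberships[] = $groupid` passes on a malformed list, and an account already in the group gets the id twice. The removed call cast with `(int)$groupid`, while the new line appends `$groupid` as received. A guard such as `if (!is_array($memberships)) $memberships = array();` followed by `if (!in_array((int)$groupid,$memberships)) $memberships[] = (int)$groupid;` would cover these cases. add_account() starts above this hunk.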
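Review bot: `hash_sql2ldap()` has no `default:` branch, so for any `sql_encryption_type` other than empty, `md5` or `crypt` the stored hash comes back without a `{scheme}` prefix and is then written as the account password by the call added further down in this file. Directory servers typically treat an unprefixed userPassword value as a cleartext password, which would make the SQL hash string itself the login secret. The export should skip the password or stop with an error for types it cannot map, for example `default: $hash = false; // unmapped type: caller must not export this value`, with the caller checking for false. The md5 branch also feeds `pack("H*",$hash)` unvalidated input, so an empty or non-hex value yields a malformed `{md5}` entry; a check like `preg_match('/^[0-9a-f]{32}$/i',$hash)` before converting would catch that. A docblock naming the accepted input and the returned format is also missing.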
@@ -120,6 +135,8 @@
 }
 $account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid'];
 $account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell'];
+
+ $account_info[$accountid]['account_passwd'] = hash_sql2ldap($account_info[$accountid]['account_passwd']);
 if (!$accounts->create($account_info[$accountid]))
 {
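Review bot: The converted value is handed to `$accounts->create()` in the same `account_passwd` field that normally carries a password, and nothing in this hunk tells the backend it is already hashed. If create() hashes that field before writing it (its body is not part of this diff), the exported accounts would end up with a hash of a hash and could not log in. Confirm that the LDAP backend stores a value carrying a `{scheme}` prefix verbatim. A comment on the added line, e.g. `// already hashed by hash_sql2ldap(): must be stored as-is`, would record that assumption. The enclosing block starts and ends outside the hunk.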