<?php /**************************************************************************\ * phpGroupWare - Setup * * http://www.phpgroupware.org * * -------------------------------------------- * * This program is free software; you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the * * Free Software Foundation; either version 2 of the License, or (at your * * option) any later version. * \**************************************************************************/ /* $Id$ */ $phpgw_info = array(); $phpgw_info["flags"] = array( 'noheader' => True, 'nonavbar' => True, 'currentapp' => 'home', 'noapi' => True ); include('./inc/functions.inc.php'); // Authorize the user to use setup app and load the database if (!$GLOBALS['phpgw_setup']->auth('Config')) { Header('Location: index.php'); exit; } // Does not return unless user is authorized class phpgw { var $common; var $accounts; var $applications; var $db; } $phpgw = new phpgw; $phpgw->common = CreateObject('phpgwapi.common'); $common = $phpgw->common; $GLOBALS['phpgw_setup']->loaddb(); $phpgw->db = $GLOBALS['phpgw_setup']->db; $tpl_root = $GLOBALS['phpgw_setup']->html->setup_tpl_dir('setup'); $setup_tpl = CreateObject('setup.Template',$tpl_root); $setup_tpl->set_file(array( 'ldap' => 'ldap.tpl', 'T_head' => 'head.tpl', 'T_footer' => 'footer.tpl', 'T_alert_msg' => 'msg_alert_msg.tpl' )); $phpgw_info['server']['auth_type'] = 'ldap'; $phpgw->applications = CreateObject('phpgwapi.applications'); $applications = $phpgw->applications; $GLOBALS['phpgw_setup']->db->query("SELECT config_name,config_value FROM phpgw_config WHERE config_name LIKE 'ldap%' OR config_name='account_repository'",__LINE__,__FILE__); while ($GLOBALS['phpgw_setup']->db->next_record()) { $config[$GLOBALS['phpgw_setup']->db->f('config_name')] = $GLOBALS['phpgw_setup']->db->f('config_value'); } $phpgw_info['server']['ldap_host'] = $config['ldap_host']; $phpgw_info['server']['ldap_context'] = $config['ldap_context']; $phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context']; $phpgw_info['server']['ldap_root_dn'] = $config['ldap_root_dn']; $phpgw_info['server']['ldap_root_pw'] = $config['ldap_root_pw']; $phpgw_info['server']['account_repository'] = $config['account_repository']; $phpgw->accounts = CreateObject('phpgwapi.accounts'); $acct = $phpgw->accounts; // First, see if we can connect to the LDAP server, if not send `em back to config.php with an // error message. // connect to ldap server if (! $ldap = $common->ldapConnect()) { $noldapconnection = True; } if ($noldapconnection) { Header('Location: config.php?error=badldapconnection'); exit; } $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber')); $info = ldap_get_entries($ldap, $sr); $tmp = ''; for ($i=0; $i<$info['count']; $i++) { if (! $phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]]) { $tmp = $info[$i]['uidnumber'][0]; $account_info[$tmp]['account_id'] = $info[$i]['uidnumber'][0]; $account_info[$tmp]['account_lid'] = $info[$i]['uid'][0]; $account_info[$tmp]['account_firstname'] = $info[$i]['givenname'][0]; $account_info[$tmp]['account_lastname'] = $info[$i]['sn'][0]; $account_info[$tmp]['account_passwd'] = $info[$i]['userpassword'][0]; } } if ($phpgw_info['server']['ldap_group_context']) { $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid')); $info = ldap_get_entries($ldap, $srg); $tmp = ''; for ($i=0; $i<$info['count']; $i++) { if (! $phpgw_info['server']['global_denied_groups'][$info[$i]['cn'][0]] && ! $account_info[$i][$info[$i]['cn'][0]]) { $tmp = $info[$i]['gidnumber'][0]; $group_info[$tmp]['account_id'] = $info[$i]['gidnumber'][0]; $group_info[$tmp]['account_lid'] = $info[$i]['cn'][0]; $group_info[$tmp]['members'] = $info[$i]['memberuid']; $group_info[$tmp]['account_firstname'] = $info[$i]['cn'][0]; $group_info[$tmp]['account_lastname'] = 'Group'; } } } else { $group_info = array(); } $GLOBALS['phpgw_setup']->db->query("SELECT app_name,app_title FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_title",__LINE__,__FILE__); while ($GLOBALS['phpgw_setup']->db->next_record()) { $apps[$GLOBALS['phpgw_setup']->db->f('app_name')] = $GLOBALS['phpgw_setup']->db->f('app_title'); } if ($cancel) { Header("Location: ldap.php"); exit; } if ($submit) { if (!count($admins)) { $error = '<br>You must select at least 1 admin'; } if (!count($s_apps)) { $error .= '<br>You must select at least 1 application'; } if (!$error) { if($users) { while (list($key,$id) = each($users)) { $id_exist = 0; $thisacctid = $account_info[$id]['account_id']; $thisacctlid = $account_info[$id]['account_lid']; $thisfirstname = $account_info[$id]['account_firstname']; $thislastname = $account_info[$id]['account_lastname']; $thispasswd = $account_info[$id]['account_passwd']; // Do some checks before we try to import the data. if (!empty($thisacctid) && !empty($thisacctlid)) { $accounts = CreateObject('phpgwapi.accounts',intval($thisacctid)); $accounts->db = $GLOBALS['phpgw_setup']->db; // Check if the account is already there. // If so, we won't try to create it again. $acct_exist = $acct->name2id($thisacctlid); if ($acct_exist) { $thisacctid = $acct_exist; } $id_exist = $accounts->exists($thisacctlid); // If not, create it now. if(!$id_exist) { $thisaccount_info = array( 'account_type' => 'u', 'account_lid' => $thisacctlid, 'account_passwd' => 'x', /* 'account_passwd' => $thispasswd, */ 'account_firstname' => $thisfirstname, 'account_lastname' => $thislastname, 'account_status' => 'A', 'account_expires' => -1 ); $accounts->create($thisaccount_info); $thisacctid = $acct->name2id($thisacctlid); } // Insert default acls for this user. // Since the group has app rights, we don't need to give users // these rights. Instead, we make the user a member of the Default group // below. $acl = CreateObject('phpgwapi.acl',intval($thisacctid)); $acl->db = $GLOBALS['phpgw_setup']->db; $acl->read_repository(); // Only give them admin if we asked for them to have it. // This is typically an exception to apps for run rights // as a group member. for ($a=0;$a<count($admins);$a++) { if ($admins[$a] == $thisacctlid) { $acl->delete('admin','run',1); $acl->add('admin','run',1); } } // Now make them a member of the 'Default' group. // But, only if the current user is not the group itself. if (!$defaultgroupid) { $defaultgroupid = $accounts->name2id('Default'); } if($defaultgroupid) { $acl->delete('phpgw_group',$defaultgroupid,1); $acl->add('phpgw_group',$defaultgroupid,1); } // Save these new acls. $acl->save_repository(); } } } if ($ldapgroups) { while (list($key,$groupid) = each($ldapgroups)) { $id_exist = 0; $thisacctid = $group_info[$groupid]['account_id']; $thisacctlid = $group_info[$groupid]['account_lid']; $thisfirstname = $group_info[$groupid]['account_firstname']; $thislastname = $group_info[$groupid]['account_lastname']; $thismembers = $group_info[$groupid]['members']; // Do some checks before we try to import the data. if (!empty($thisacctid) && !empty($thisacctlid)) { $groups = CreateObject('phpgwapi.accounts',intval($thisacctid)); $groups->db = $GLOBALS['phpgw_setup']->db; // Check if the account is already there. // If so, we won't try to create it again. $acct_exist = $groups->name2id($thisacctlid); /* echo '<br<group: ' . $acct_exist; */ if ($acct_exist) { $thisacctid = $acct_exist; } $id_exist = $groups->exists(intval($thisacctid)); // If not, create it now. if(!$id_exist) { $thisgroup_info = array( 'account_type' => 'g', 'account_lid' => $thisacctlid, 'account_passwd' => $passwd, 'account_firstname' => $thisfirstname, 'account_lastname' => $thislastname, 'account_status' => 'A', 'account_expires' => -1 ); $groups->create($thisgroup_info); $thisacctid = $acct->name2id($thisacctlid); } // Now make them a member of this group in phpgw. while (list($key,$members) = each($thismembers)) { if ($key == 'count') { continue; } /* echo '<br>members: ' . $members; */ $tmpid = 0; @reset($account_info); while(list($x,$y) = each($account_info)) { /* echo '<br>checking: '.$y['account_lid']; */ if ($members == $y['account_lid']) { $tmpid = $acct->name2id($y['account_lid']); } } /* Insert acls for this group based on memberuid field. Since the group has app rights, we don't need to give users these rights. Instead, we maintain group membership here. */ if($tmpid) { $acl = CreateObject('phpgwapi.acl',$tmpid); $acl->db = $GLOBALS['phpgw_setup']->db; $acl->account_id = intval($tmpid); $acl->read_repository(); $acl->delete('phpgw_group',$thisacctid,1); $acl->add('phpgw_group',$thisacctid,1); /* Now add the acl to let them change their password */ $acl->delete('preferences','changepassword',1); $acl->add('preferences','changepassword',1); $acl->save_repository(); /* Add prefs for selected apps here, since they are per-user. App access is added below. */ $pref = CreateObject('phpgwapi.preferences',$tmpid); $pref->db = $GLOBALS['phpgw_setup']->db; $pref->account_id = intval($tmpid); $pref->read_repository(); @reset($s_apps); while (list($key,$app) = each($s_apps)) { $phpgw->hooks->single('add_def_pref',$app); } $pref->save_repository(); } } /* Now give this group some rights */ $phpgw_info['user']['account_id'] = $thisacctid; $acl = CreateObject('phpgwapi.acl'); $acl->db = $GLOBALS['phpgw_setup']->db; $acl->account_id = intval($thisacctid); $acl->read_repository(); @reset($s_apps); while (list($key,$app) = each($s_apps)) { $acl->delete($app,'run',1); $acl->add($app,'run',1); } $acl->save_repository(); $defaultgroupid = $thisacctid; } } } else { /* Create the 'Default' group */ $groups = CreateObject('phpgwapi.accounts',$defaultgroupid); $groups->db = $GLOBALS['phpgw_setup']->db; // Check if the group account is already there. // If so, set our group_id to that account's id for use below. $acct_exist = $groups->name2id('Default'); if ($acct_exist) { $defaultgroupid = $acct_exist; } $id_exist = $groups->exists(intval($defaultgroupid)); // if not, create it, using our original groupid. if($id_exist) { $groups->delete($defaultgroupid); } $thisgroup_info = array( 'account_type' => 'g', 'account_lid' => 'Default', 'account_passwd' => $passwd, 'account_firstname' => 'Default', 'account_lastname' => 'Group', 'account_status' => 'A', 'account_expires' => -1 ); $acct->create($thisgroup_info); $defaultgroupid = $acct->name2id('Default'); $acl = CreateObject('phpgwapi.acl',$defaultgroupid); $acl->db = $GLOBALS['phpgw_setup']->db; $acl->account_id = intval($defaultgroupid); $acl->read_repository(); @reset($s_apps); while (list($key,$app) = each($s_apps)) { $acl->delete($app,'run',1); $acl->add($app,'run',1); } $acl->save_repository(); } //end default group creation } $setup_complete = True; } $GLOBALS['phpgw_setup']->html->show_header('LDAP Import','','config',$ConfigDomain); if ($error) { //echo '<br><center><b>Error:</b> '.$error.'</center>'; $GLOBALS['phpgw_setup']->html->show_alert_msg('Error',$error); } if ($setup_complete) { echo lang('<br><center>Import has been completed! Click <a href="index.php">here</a> to return to setup </center>'); $GLOBALS['phpgw_setup']->html->show_footer(); exit; } $setup_tpl->set_block('ldap','header','header'); $setup_tpl->set_block('ldap','user_list','user_list'); $setup_tpl->set_block('ldap','admin_list','admin_list'); $setup_tpl->set_block('ldap','group_list','group_list'); $setup_tpl->set_block('ldap','app_list','app_list'); $setup_tpl->set_block('ldap','submit','submit'); $setup_tpl->set_block('ldap','footer','footer'); while (list($key,$account) = each($account_info)) { $user_list .= '<option value="' . $account['account_id'] . '">' . $common->display_fullname($account['account_lid'],$account['account_firstname'],$account['account_lastname']) . '</option>'; } @reset($account_info); while (list($key,$account) = each($account_info)) { $admin_list .= '<option value="' . $account['account_lid'] . '">' . $common->display_fullname($account['account_lid'],$account['account_firstname'],$account['account_lastname']) . '</option>'; } while (list($key,$group) = each($group_info)) { $group_list .= '<option value="' . $group['account_id'] . '">' . $group['account_lid'] . '</option>'; } while(list($appname,$apptitle) = each($apps)) { if($appname == 'admin' || $appname == 'skel' || $appname == 'backup' || $appname == 'netsaint' || $appname == 'developer_tools' || $appname == 'phpsysinfo' || $appname == 'eldaptir' || $appname == 'qmailldap') { $app_list .= '<option value="' . $appname . '">' . $apptitle . '</option>'; } else { $app_list .= '<option value="' . $appname . '" selected>' . $apptitle . '</option>'; } } $setup_tpl->set_var('action_url','ldapimport.php'); $setup_tpl->set_var('users',$user_list); $setup_tpl->set_var('admins',$admin_list); $setup_tpl->set_var('ldapgroups',$group_list); $setup_tpl->set_var('s_apps',$app_list); $setup_tpl->set_var('ldap_import',lang('LDAP import users')); $setup_tpl->set_var('description',lang("This section will help you import users and groups from your LDAP tree into phpGroupWare's account tables").'.'); $setup_tpl->set_var('select_users',lang('Select which user(s) will be imported')); $setup_tpl->set_var('select_admins',lang('Select which user(s) will have admin privileges')); $setup_tpl->set_var('select_groups',lang('Select which group(s) will be imported (group membership will be maintained)')); $setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.'); $setup_tpl->set_var('note',lang('Note: You will be able to customize this later').'.'); $setup_tpl->set_var('form_submit','import'); $setup_tpl->set_var('cancel',lang('Cancel')); $setup_tpl->pfp('out','header'); $setup_tpl->pfp('out','user_list'); $setup_tpl->pfp('out','admin_list'); $setup_tpl->pfp('out','group_list'); $setup_tpl->pfp('out','app_list'); $setup_tpl->pfp('out','submit'); $setup_tpl->pfp('out','footer'); $GLOBALS['phpgw_setup']->html->show_footer(); ?>