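<?php
  /**************************************************************************\
  * phpGroupWare - Setup                                                     *
  * http://www.phpgroupware.org                                              *
  * --------------------------------------------                             *
  *  This program is free software; you can redistribute it and/or modify it *
  *  under the terms of the GNU General Public License as published by the   *
  *  Free Software Foundation; either version 2 of the License, or (at your  *
  *  option) any later version.                                              *
  \**************************************************************************/

  /* $Id$ */

/*
 * Setup page that imports LDAP users and groups into phpGroupWare's account
 * tables and assigns their initial ACLs.
 *
 * Flow:
 *   1. Require a successful $phpgw_setup->auth('Config'); otherwise redirect.
 *   2. Load the ldap* rows from phpgw_config and connect to the directory.
 *   3. Read users (uid=*) and, when a group context is configured, groups (cn=*).
 *   4. On submit, create the groups/accounts and write their ACL rows.
 *   5. Otherwise (or on a validation error) render the selection form.
 *
 * Request input is read as plain globals: $submit, $admins, $s_apps and
 * $ldapgroups (form fields submit, admins[], s_apps[], ldapgroups[]).
 * NOTE(review): nothing on this page copies them out of the request, so this
 * presumably relies on register_globals or on one of the includes -- confirm.
 * For that reason every variable that drives output or privilege decisions is
 * initialised below instead of being trusted to start out unset.
 *
 * NOTE(review): the users[] field is posted but never read, and $ldapgroups is
 * only tested for truthiness: every listed LDAP account (and every listed
 * group) is imported regardless of what was selected. Confirm whether the
 * import should be restricted to the selection.
 */

$phpgw_info["flags"] = array(
    'noheader'   => True,
    'nonavbar'   => True,
    'currentapp' => 'home',
    'noapi'      => True
);
include('../header.inc.php');
include('./inc/functions.inc.php');

// Authorize the user to use setup app and load the database
if (!$phpgw_setup->auth('Config'))
{
    Header('Location: index.php');
    exit;
}
// Does not return unless user is authorized

// Explicit starting values: $error is echoed unescaped further down and
// $setup_complete / $defaultgroupid steer the import, so none of them may
// come from anywhere but this script.
$error            = '';
$setup_complete   = False;
$noldapconnection = False;
$defaultgroupid   = 0;
$account_info     = array();
$group_info       = array();
$apps             = array();

// Minimal stand-in for the global API object; only the members used here.
class phpgw
{
    var $common;
    var $accounts;
    var $applications;
    var $db;
}
$phpgw = new phpgw;
$phpgw->common = CreateObject('phpgwapi.common');
$common = $phpgw->common;
$phpgw_setup->loaddb();
$phpgw->db = $phpgw_setup->db;

$phpgw_info['server']['auth_type'] = 'ldap';

$phpgw->accounts = CreateObject('phpgwapi.accounts');
$acct = $phpgw->accounts;

$phpgw->applications = CreateObject('phpgwapi.applications');
$applications = $phpgw->applications;

// Pull every ldap* setting (host, contexts, root DN and root password) from
// the config table into $config and mirror them into $phpgw_info['server'].
$phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record())
{
    $config[$phpgw_setup->db->f('config_name')] = $phpgw_setup->db->f('config_value');
}
$phpgw_info['server']['ldap_host']          = $config['ldap_host'];
$phpgw_info['server']['ldap_context']       = $config['ldap_context'];
$phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context'];
$phpgw_info['server']['ldap_root_dn']       = $config['ldap_root_dn'];
$phpgw_info['server']['ldap_root_pw']       = $config['ldap_root_pw'];

// First, see if we can connect to the LDAP server, if not send `em back to config.php with an
// error message.

// connect to ldap server
if (! $ldap = $common->ldapConnect())
{
    $noldapconnection = True;
}

if ($noldapconnection)
{
    Header('Location: config.php?error=badldapconnection');
    exit;
}

// Collect the importable users, skipping any uid listed in global_denied_users.
$sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber'));
$info = ldap_get_entries($ldap, $sr);

for ($i=0; $i<$info['count']; $i++)
{
    if (! $phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]])
    {
        $account_info[$i]['account_id']        = $info[$i]['uidnumber'][0];
        $account_info[$i]['account_lid']       = $info[$i]['uid'][0];
        $account_info[$i]['account_firstname'] = $info[$i]['givenname'][0];
        $account_info[$i]['account_lastname']  = $info[$i]['sn'][0];
    }
}

// Collect the importable groups when a group context is configured.
if ($phpgw_info['server']['ldap_group_context'])
{
    $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
    $info = ldap_get_entries($ldap, $srg);

    for ($i=0; $i<$info['count']; $i++)
    {
        // NOTE(review): the second test indexes $account_info by the group's
        // row number and then by its cn; $account_info rows only carry the
        // account_* keys, so this looks like it never excludes anything -- confirm intent.
        if (! $phpgw_info['server']['global_excluded_groups'][$info[$i]['cn'][0]] &&
            ! $account_info[$i][$info[$i]['cn'][0]])
        {
            $group_info[$i]['account_id']        = $info[$i]['gidnumber'][0];
            $group_info[$i]['account_lid']       = $info[$i]['cn'][0];
            $group_info[$i]['members']           = $info[$i]['memberuid'];
            $group_info[$i]['account_firstname'] = $info[$i]['cn'][0];
            $group_info[$i]['account_lastname']  = '';
        }
    }
}

// Enabled applications offered as default run rights (app_name => app_title).
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
    . "app_name != 'administration'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record())
{
    $apps[$phpgw_setup->db->f('app_name')] = $phpgw_setup->db->f('app_title');
}

if ($submit)
{
    // is_array() guards keep a missing or scalar field from reaching count().
    if (!is_array($admins) || !count($admins))
    {
        $error = '<br>You must select at least 1 admin';
    }

    if (!is_array($s_apps) || !count($s_apps))
    {
        $error .= '<br>You must select at least 1 application';
    }

    if (!$error)
    {
        if ($ldapgroups)
        {
            $groupimport = True;
            reset($group_info);
            while ($group = each($group_info))
            {
                $id_exist = 0;
                $thisacctid    = $group[1]['account_id'];
                $thisacctlid   = $group[1]['account_lid'];
                $thisfirstname = $group[1]['account_firstname'];
                $thislastname  = $group[1]['account_lastname'];
                // Fixed: read the members of the group being processed. The
                // old code indexed $group_info with $i, a counter left over
                // from the LDAP read loop above.
                $thismembers   = $group[1]['members'];

                // Do some checks before we try to import the data.
                if (!empty($thisacctid) && !empty($thisacctlid))
                {
                    $groups = CreateObject('phpgwapi.accounts',intval($thisacctid));
                    $groups->db = $phpgw_setup->db;

                    // Check if the account is already there.
                    // If so, we won't try to create it again.
                    $acct_exist = $acct->name2id($thisacctlid);
                    if ($acct_exist)
                    {
                        $thisacctid = $acct_exist;
                    }
                    // Fixed: use the $groups object created above; $accounts is
                    // not assigned until the user loop further down.
                    $id_exist = $groups->exists(intval($thisacctid));
                    // If not, create it now.
                    if(!$id_exist)
                    {
                        $groups->create('g', $thisacctlid, 'x',$thisfirstname, $thislastname,'',$thisacctid);
                    }

                    // Now make them a member of this group in phpgw.
                    // Fixed: the old loop took only the array KEY of each
                    // memberuid entry and built the ACL for intval(key), i.e.
                    // for account ids unrelated to the actual members. Each
                    // member login is now resolved with name2id() and skipped
                    // when no such account exists, so membership is never
                    // written for the wrong account.
                    // NOTE(review): users are imported after groups, so on a
                    // first run members may not resolve yet -- confirm whether
                    // the user import should run first.
                    if (is_array($thismembers))
                    {
                        reset($thismembers);
                        while (list($memberkey,$memberlid) = each($thismembers))
                        {
                            // ldap_get_entries() adds a 'count' element to every attribute.
                            if ($memberkey === 'count')
                            {
                                continue;
                            }
                            $memberid = $acct->name2id($memberlid);
                            if (!$memberid)
                            {
                                continue;
                            }

                            // Insert acls for this group based on memberuid field.
                            // Since the group has app rights, we don't need to give users
                            // these rights.  Instead, we maintain group membership here.
                            $acl = CreateObject('phpgwapi.acl',intval($memberid));
                            $acl->db = $phpgw_setup->db;
                            $acl->read_repository();

                            $acl->delete('phpgw_group',$thisacctid,1);
                            $acl->add('phpgw_group',$thisacctid,1);

                            // Now add the acl to let them change their password
                            // NOTE(review): these two calls pass four arguments
                            // where every other delete()/add() on this page
                            // passes three -- verify against the acl class.
                            $acl->delete('preferences','changepassword',$thisacctid,1);
                            $acl->add('preferences','changepassword',$thisacctid,1);

                            $acl->save_repository();
                        }
                    }
                }
            }
            $setup_complete = True;
        }
        else
        {
            // Create the 'Default' group
            mt_srand((double)microtime()*1000000);
            $defaultgroupid = mt_rand (100, 65535);

            $acct = CreateObject('phpgwapi.accounts',$defaultgroupid);
            $acct->db = $phpgw_setup->db;

            // Check if the group account is already there.
            // If so, set our group_id to that account's id for use below.
            $acct_exist = $acct->name2id('Default');
            if ($acct_exist)
            {
                $defaultgroupid = $acct_exist;
            }
            $id_exist = $acct->exists(intval($defaultgroupid));
            // NOTE(review): when no 'Default' group is found by name the id is
            // a random number; if exists() reports that id as taken, the else
            // branch deletes whatever holds it. Verify this cannot remove an
            // unrelated account.
            // NOTE(review): $passwd is never assigned on this page.
            // if not, create it, using our original groupid.
            if(!$id_exist)
            {
                $acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
            }
            else
            {
                // Delete first, so ldap does not return an error, then recreate
                $acct->delete($defaultgroupid);
                $acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
            }

            // Give the Default group run rights on every selected application.
            $acl = CreateObject('phpgwapi.acl',$defaultgroupid);
            $acl->db = $phpgw_setup->db;
            $acl->read_repository();
            while ($app = each($s_apps))
            {
                $acl->delete($app[1],'run',1);
                $acl->add($app[1],'run',1);
            }
            $acl->save_repository();
        } //end default group creation

        reset($account_info);
        while ($account = each($account_info))
        {
            $id_exist = 0;
            $thisacctid    = $account[1]['account_id'];
            $thisacctlid   = $account[1]['account_lid'];
            $thisfirstname = $account[1]['account_firstname'];
            $thislastname  = $account[1]['account_lastname'];

            // Do some checks before we try to import the data.
            if (!empty($thisacctid) && !empty($thisacctlid))
            {
                $accounts = CreateObject('phpgwapi.accounts',intval($thisacctid));
                $accounts->db = $phpgw_setup->db;

                // Check if the account is already there.
                // If so, we won't try to create it again.
                $acct_exist = $acct->name2id($thisacctlid);
                if ($acct_exist)
                {
                    $thisacctid = $acct_exist;
                }
                $id_exist = $accounts->exists(intval($thisacctid));
                // If not, create it now.
                if(!$id_exist)
                {
                    $accounts->create('u', $thisacctlid, 'x',$thisfirstname, $thislastname,'A',$thisacctid);
                }

                // Insert default acls for this user.
                // Since the group has app rights, we don't need to give users
                // these rights.  Instead, we make the user a member of the Default group
                // below.
                $acl = CreateObject('phpgwapi.acl',intval($thisacctid));
                $acl->db = $phpgw_setup->db;
                $acl->read_repository();

                // Only give them admin if we asked for them to have it.
                // This is typically an exception to apps for run rights
                // as a group member.
                for ($a=0;$a<count($admins);$a++)
                {
                    if ($admins[$a] == $thisacctid)
                    {
                        $acl->delete('admin','run',1);
                        $acl->add('admin','run',1);
                    }
                }

                // Now make them a member of the 'Default' group.
                // But, only if the current user is not the group itself.
                // Fixed: also require that a Default group id was set above.
                // On the LDAP-group path none is created, and the old code
                // then wrote a membership row for an unset group id.
                if ($defaultgroupid && $defaultgroupid != $thisacctid)
                {
                    $acl->delete('phpgw_group',$defaultgroupid,1);
                    $acl->add('phpgw_group',$defaultgroupid,1);
                }

                // Save these new acls.
                $acl->save_repository();
            }
            $setup_complete = True;
        }
    }
}

// Add a check to see if there are no users in LDAP, if not create a default user.

$phpgw_setup->show_header();

// $error only ever holds the fixed messages assigned above, so it is printed as markup.
if ($error)
{
    echo '<br><center><b>Error:</b> '.$error.'</center>';
}

if ($setup_complete)
{
    $phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
    $phpgw_setup->db->next_record();
    // The configured URL is escaped before it is placed inside the href attribute.
    echo '<br><center>Setup has been completed! Click <a href="'
        . htmlspecialchars($phpgw_setup->db->f("config_value") . '/login.php', ENT_QUOTES)
        . '">here</a> to login</center>';
    exit;
}

// Everything printed into the form below comes from the directory or the
// database, so it is passed through htmlspecialchars() before output.
// NOTE(review): the form submits a privilege-granting request and no
// anti-CSRF token is visible on this page -- confirm whether the setup
// session layer provides one.
?>
<form action="ldap.php" method="POST">
 <table border="0" align="center" width="70%">
  <tr bgcolor="486591">
   <td colspan="2"> <font color="fefefe">LDAP import users</font></td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td colspan="2"> This section will help you import users and groups from your LDAP tree into phpGroupWare's account tables.<br> </td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td align="left" valign="top"> Select which user(s) will be imported </td>
   <td align="center">
    <select name="users[]" multiple size="5">
<?php
reset($account_info);
while ($account = each($account_info))
{
    echo '<option value="' . htmlspecialchars($account[1]['account_id'], ENT_QUOTES) . '">'
        . htmlspecialchars($common->display_fullname($account[1]['account_lid'],$account[1]['account_firstname'],$account[1]['account_lastname']), ENT_QUOTES)
        . '</option>';
    echo "\n";
}
?>
    </select>
   </td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td align="left" valign="top"> Select which user(s) will have admin privileges </td>
   <td align="center">
    <select name="admins[]" multiple size="5">
<?php
@reset($account_info);
while ($account = each($account_info))
{
    echo '<option value="' . htmlspecialchars($account[1]['account_id'], ENT_QUOTES) . '">'
        . htmlspecialchars($common->display_fullname($account[1]['account_lid'],$account[1]['account_firstname'],$account[1]['account_lastname']), ENT_QUOTES)
        . '</option>';
    echo "\n";
}
?>
    </select>
   </td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td align="left" valign="top"> Select which group(s) will be imported (group membership will be maintained) </td>
   <td align="center">
    <select name="ldapgroups[]" multiple size="5">
<?php
reset($group_info);
while ($group = each($group_info))
{
    // Fixed: the option value is the group's own id; the old code read it
    // from $account, which no longer holds a row once the loops above end.
    echo '<option value="' . htmlspecialchars($group[1]['account_id'], ENT_QUOTES) . '">'
        . htmlspecialchars($group[1]['account_lid'], ENT_QUOTES)
        . '</option>';
    echo "\n";
}
?>
    </select>
   </td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td align="left" valign="top"> Select the default applications your users will have access to. <br> Note: You will be able to customize this later. </td>
   <td>
    <select name="s_apps[]" multiple size="5">
<?php
reset($apps);
while ($app = each($apps))
{
    // Every application except 'admin' is preselected.
    if ($app[0] != 'admin')
    {
        echo '<option value="' . htmlspecialchars($app[0], ENT_QUOTES) . '" selected>' . htmlspecialchars($app[1], ENT_QUOTES) . '</option>';
    }
    else
    {
        echo '<option value="' . htmlspecialchars($app[0], ENT_QUOTES) . '">' . htmlspecialchars($app[1], ENT_QUOTES) . '</option>';
    }
    echo "\n";
}
?>
    </select>
   </td>
  </tr>
  <tr bgcolor="e6e6e6">
   <td colspan="2" align="center"> <input type="submit" name="submit" value="import"> </td>
  </tr>
 </table>
</form>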