egroupware_official/setup/ldapimport.php

482 lines
16 KiB
PHP
Raw Normal View History

2001-07-30 17:59:25 +02:00
<?php
/**************************************************************************\
2004-01-27 21:49:25 +01:00
* eGroupWare - Setup *
* http://www.egroupware.org *
2001-07-30 17:59:25 +02:00
* -------------------------------------------- *
* This program is free software; you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the *
* Free Software Foundation; either version 2 of the License, or (at your *
* option) any later version. *
\**************************************************************************/
/* $Id$ */
$GLOBALS['egw_info'] = array(
'flags' => array(
'noheader' => True,
'nonavbar' => True,
'currentapp' => 'home',
'noapi' => True
));
2001-07-30 17:59:25 +02:00
include('./inc/functions.inc.php');
// Authorize the user to use setup app and load the database
if(!$GLOBALS['egw_setup']->auth('Config'))
2001-07-30 17:59:25 +02:00
{
Header('Location: index.php');
exit;
}
// Does not return unless user is authorized
2001-07-30 17:59:25 +02:00
class phpgw
{
var $common;
var $accounts;
var $applications;
var $db;
}
$phpgw = new phpgw;
$phpgw->common = CreateObject('phpgwapi.common');
$common = $phpgw->common;
$GLOBALS['egw_setup']->loaddb();
$phpgw->db = $GLOBALS['egw_setup']->db;
2001-07-30 17:59:25 +02:00
$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = CreateObject('setup.Template',$tpl_root);
2001-07-30 17:59:25 +02:00
$setup_tpl->set_file(array(
'ldap' => 'ldap.tpl',
'T_head' => 'head.tpl',
'T_footer' => 'footer.tpl',
'T_alert_msg' => 'msg_alert_msg.tpl'
));
2005-11-24 21:49:23 +01:00
$GLOBALS['egw_info']['server']['auth_type'] = 'ldap';
2001-07-30 17:59:25 +02:00
$phpgw->applications = CreateObject('phpgwapi.applications');
$applications = $phpgw->applications;
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
"config_name LIKE 'ldap%' OR config_name='account_repository'",
),__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
2001-07-30 17:59:25 +02:00
{
$config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value');
2001-07-30 17:59:25 +02:00
}
2005-11-24 21:49:23 +01:00
$GLOBALS['egw_info']['server']['ldap_host'] = $config['ldap_host'];
$GLOBALS['egw_info']['server']['ldap_context'] = $config['ldap_context'];
$GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context'];
$GLOBALS['egw_info']['server']['ldap_root_dn'] = $config['ldap_root_dn'];
$GLOBALS['egw_info']['server']['ldap_root_pw'] = $config['ldap_root_pw'];
$GLOBALS['egw_info']['server']['ldap_version3'] = $config['ldap_version3'] == "True" ? True : False;
$GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository'];
2001-07-30 17:59:25 +02:00
$phpgw->accounts = CreateObject('phpgwapi.accounts');
$acct = $phpgw->accounts;
// First, see if we can connect to the LDAP server, if not send `em back to config.php with an
// error message.
// connect to ldap server
2004-01-25 20:27:48 +01:00
if(!$ldap = $common->ldapConnect())
2001-07-30 17:59:25 +02:00
{
$noldapconnection = True;
}
2004-01-25 20:27:48 +01:00
if($noldapconnection)
2001-07-30 17:59:25 +02:00
{
Header('Location: config.php?error=badldapconnection');
exit;
}
2005-11-24 21:49:23 +01:00
$sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber','email','gidnumber'));
2001-07-30 17:59:25 +02:00
$info = ldap_get_entries($ldap, $sr);
2005-11-24 21:49:23 +01:00
$account_info = $group_info = array();
2004-01-25 20:27:48 +01:00
for($i=0; $i<$info['count']; $i++)
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
if(!$GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]])
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
$account_info[$info[$i]['uidnumber'][0]] = array(
'account_id' => $info[$i]['uidnumber'][0],
'account_lid' => $info[$i]['uid'][0],
'account_firstname' => $info[$i]['givenname'][0],
'account_lastname' => $info[$i]['sn'][0],
'account_passwd' => $info[$i]['userpassword'][0],
'account_email' => $info[$i]['email'][0],
'account_primary_group' => -$info[$i]['gidnumber'][0],
);
2001-07-30 17:59:25 +02:00
}
}
2005-11-24 21:49:23 +01:00
if($GLOBALS['egw_info']['server']['ldap_group_context'])
2001-07-30 17:59:25 +02:00
{
$srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
$info = ldap_get_entries($ldap, $srg);
2004-01-25 20:27:48 +01:00
for($i=0; $i<$info['count']; $i++)
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
if(!$GLOBALS['egw_info']['server']['global_denied_groups'][$info[$i]['cn'][0]] &&
2004-01-25 20:27:48 +01:00
!$account_info[$i][$info[$i]['cn'][0]])
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
$group_info[-$info[$i]['gidnumber'][0]] = array(
'account_id' => -$info[$i]['gidnumber'][0],
'account_lid' => $info[$i]['cn'][0],
'members' => $info[$i]['memberuid'],
'account_firstname' => $info[$i]['cn'][0],
'account_lastname' => 'Group'
);
2001-07-30 17:59:25 +02:00
}
}
}
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
2001-07-30 17:59:25 +02:00
{
$apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name'));
2001-07-30 17:59:25 +02:00
}
2004-01-25 20:27:48 +01:00
$cancel = get_var('cancel','POST');
$submit = get_var('submit','POST');
$users = get_var('users','POST');
$admins = get_var('admins','POST');
$s_apps = get_var('s_apps','POST');
$ldapgroups = get_var('ldapgroups','POST');
if($cancel)
2001-07-30 17:59:25 +02:00
{
2004-01-25 20:27:48 +01:00
Header('Location: ldap.php');
2001-07-30 17:59:25 +02:00
exit;
}
2004-01-25 20:27:48 +01:00
if($submit)
2001-07-30 17:59:25 +02:00
{
2004-01-25 20:27:48 +01:00
if(!count($admins))
2001-07-30 17:59:25 +02:00
{
$error = '<br />You must select at least 1 admin';
2001-07-30 17:59:25 +02:00
}
2004-01-25 20:27:48 +01:00
if(!count($s_apps))
2001-07-30 17:59:25 +02:00
{
$error .= '<br />You must select at least 1 application';
2001-07-30 17:59:25 +02:00
}
2004-01-25 20:27:48 +01:00
if(!$error)
2001-07-30 17:59:25 +02:00
{
if($users)
{
2005-11-24 21:49:23 +01:00
foreach($users as $id)
2001-07-30 17:59:25 +02:00
{
$thisacctid = $account_info[$id]['account_id'];
$thisacctlid = $account_info[$id]['account_lid'];
// Do some checks before we try to import the data.
2004-01-25 20:27:48 +01:00
if(!empty($thisacctid) && !empty($thisacctlid))
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
$accounts =& CreateObject('phpgwapi.accounts',(int)$thisacctid);
2001-07-30 17:59:25 +02:00
// Check if the account is already there.
// If so, we won't try to create it again.
$acct_exist = $acct->name2id($thisacctlid);
2004-01-25 20:27:48 +01:00
if($acct_exist)
2001-07-30 17:59:25 +02:00
{
$thisacctid = $acct_exist;
}
$id_exist = $accounts->exists($thisacctlid);
// If not, create it now.
if(!$id_exist)
{
2005-11-24 21:49:23 +01:00
$thisacctid = $accounts->create($account_info[$id]+array(
2001-07-30 17:59:25 +02:00
'account_type' => 'u',
'account_status' => 'A',
2005-11-24 21:49:23 +01:00
'account_expires' => -1,
));
}
if (!$thisacctid) // if we have no account_id, we cant continue
{
continue;
2001-07-30 17:59:25 +02:00
}
// Insert default acls for this user.
// Since the group has app rights, we don't need to give users
// these rights. Instead, we make the user a member of the Default group
// below.
2003-12-19 13:34:45 +01:00
$acl = CreateObject('phpgwapi.acl',(int)$thisacctid);
$acl->db = $GLOBALS['egw_setup']->db;
2001-07-30 17:59:25 +02:00
$acl->read_repository();
// Only give them admin if we asked for them to have it.
// This is typically an exception to apps for run rights
// as a group member.
2004-01-25 20:27:48 +01:00
for($a=0;$a<count($admins);$a++)
2001-07-30 17:59:25 +02:00
{
2004-01-25 20:27:48 +01:00
if($admins[$a] == $thisacctlid)
2001-07-30 17:59:25 +02:00
{
$acl->delete('admin','run',1);
$acl->add('admin','run',1);
}
}
2003-12-19 13:34:45 +01:00
2001-07-30 17:59:25 +02:00
// Now make them a member of the 'Default' group.
// But, only if the current user is not the group itself.
2004-01-25 20:27:48 +01:00
if(!$defaultgroupid)
2001-07-30 17:59:25 +02:00
{
$defaultgroupid = $accounts->name2id('Default');
}
if($defaultgroupid)
{
$acl->delete('phpgw_group',$defaultgroupid,1);
$acl->add('phpgw_group',$defaultgroupid,1);
}
// Save these new acls.
$acl->save_repository();
}
}
}
2004-01-25 20:27:48 +01:00
if($ldapgroups)
2001-07-30 17:59:25 +02:00
{
2005-11-24 21:49:23 +01:00
foreach($ldapgroups as $groupid)
2001-07-30 17:59:25 +02:00
{
$id_exist = 0;
$thisacctid = $group_info[$groupid]['account_id'];
$thisacctlid = $group_info[$groupid]['account_lid'];
$thisfirstname = $group_info[$groupid]['account_firstname'];
$thislastname = $group_info[$groupid]['account_lastname'];
$thismembers = $group_info[$groupid]['members'];
// Do some checks before we try to import the data.
2003-12-19 13:34:45 +01:00
if(!empty($thisacctid) && !empty($thisacctlid))
2001-07-30 17:59:25 +02:00
{
2003-12-19 13:34:45 +01:00
$groups = CreateObject('phpgwapi.accounts',(int)$thisacctid);
2001-07-30 17:59:25 +02:00
// Check if the account is already there.
// If so, we won't try to create it again.
$acct_exist = $groups->name2id($thisacctlid);
/* echo '<br<group: ' . $acct_exist; */
2004-01-25 20:27:48 +01:00
if($acct_exist)
2001-07-30 17:59:25 +02:00
{
$thisacctid = $acct_exist;
}
2003-12-19 13:34:45 +01:00
$id_exist = $groups->exists((int)$thisacctid);
2001-07-30 17:59:25 +02:00
// If not, create it now.
if(!$id_exist)
{
2005-11-24 21:49:23 +01:00
$thisacctid = $groups->create(array(
2001-07-30 17:59:25 +02:00
'account_type' => 'g',
'account_lid' => $thisacctlid,
2005-11-24 21:49:23 +01:00
'account_passwd' => 'x',
2001-07-30 17:59:25 +02:00
'account_firstname' => $thisfirstname,
'account_lastname' => $thislastname,
'account_status' => 'A',
'account_expires' => -1
2005-11-24 21:49:23 +01:00
));
}
if (!$thisacctid) // if we have no account_id, we cant continue
{
continue;
2001-07-30 17:59:25 +02:00
}
// Now make them a member of this group in phpgw.
2005-11-24 21:49:23 +01:00
foreach($thismembers as $key =>$members)
2001-07-30 17:59:25 +02:00
{
2004-01-25 20:27:48 +01:00
if($key == 'count')
2001-07-30 17:59:25 +02:00
{
continue;
}
/* echo '<br />members: ' . $members; */
2001-07-30 17:59:25 +02:00
$tmpid = 0;
@reset($account_info);
while(list($x,$y) = each($account_info))
{
/* echo '<br />checking: '.$y['account_lid']; */
2004-01-25 20:27:48 +01:00
if($members == $y['account_lid'])
2001-07-30 17:59:25 +02:00
{
$tmpid = $acct->name2id($y['account_lid']);
}
}
/*
Insert acls for this group based on memberuid field.
Since the group has app rights, we don't need to give users
these rights. Instead, we maintain group membership here.
*/
if($tmpid)
{
$acl = CreateObject('phpgwapi.acl',$tmpid);
2003-12-19 13:34:45 +01:00
$acl->account_id = (int)$tmpid;
2001-07-30 17:59:25 +02:00
$acl->read_repository();
$acl->delete('phpgw_group',$thisacctid,1);
$acl->add('phpgw_group',$thisacctid,1);
/* Now add the acl to let them change their password */
2001-07-30 17:59:25 +02:00
$acl->delete('preferences','changepassword',1);
$acl->add('preferences','changepassword',1);
$acl->save_repository();
/* Add prefs for selected apps here, since they are per-user.
App access is added below.
*/
$pref = CreateObject('phpgwapi.preferences',$tmpid);
$pref->db = $GLOBALS['egw_setup']->db;
2003-12-19 13:34:45 +01:00
$pref->account_id = (int)$tmpid;
$pref->read_repository();
@reset($s_apps);
2004-01-25 20:27:48 +01:00
while(list($key,$app) = each($s_apps))
{
$phpgw->hooks->single('add_def_pref',$app);
}
$pref->save_repository();
2001-07-30 17:59:25 +02:00
}
}
/* Now give this group some rights */
2005-11-24 21:49:23 +01:00
$GLOBALS['egw_info']['user']['account_id'] = $thisacctid;
2001-07-30 17:59:25 +02:00
$acl = CreateObject('phpgwapi.acl');
2003-12-19 13:34:45 +01:00
$acl->account_id = (int)$thisacctid;
2001-07-30 17:59:25 +02:00
$acl->read_repository();
@reset($s_apps);
2004-01-25 20:27:48 +01:00
while(list($key,$app) = each($s_apps))
2001-07-30 17:59:25 +02:00
{
$acl->delete($app,'run',1);
$acl->add($app,'run',1);
}
$acl->save_repository();
$defaultgroupid = $thisacctid;
}
}
}
else
{
/* Create the 'Default' group */
$groups = CreateObject('phpgwapi.accounts',$defaultgroupid);
// Check if the group account is already there.
// If so, set our group_id to that account's id for use below.
$acct_exist = $groups->name2id('Default');
2004-01-25 20:27:48 +01:00
if($acct_exist)
2001-07-30 17:59:25 +02:00
{
$defaultgroupid = $acct_exist;
}
2003-12-19 13:34:45 +01:00
$id_exist = $groups->exists((int)$defaultgroupid);
2001-07-30 17:59:25 +02:00
// if not, create it, using our original groupid.
if($id_exist)
{
$groups->delete($defaultgroupid);
}
$thisgroup_info = array(
'account_type' => 'g',
'account_lid' => 'Default',
'account_passwd' => $passwd,
'account_firstname' => 'Default',
'account_lastname' => 'Group',
'account_status' => 'A',
'account_expires' => -1
);
2005-11-24 21:49:23 +01:00
$defaultgroupid = $acct->create($thisgroup_info);
2001-07-30 17:59:25 +02:00
$acl = CreateObject('phpgwapi.acl',$defaultgroupid);
2003-12-19 13:34:45 +01:00
$acl->account_id = (int)$defaultgroupid;
2001-07-30 17:59:25 +02:00
$acl->read_repository();
@reset($s_apps);
2004-01-25 20:27:48 +01:00
while(list($key,$app) = each($s_apps))
2001-07-30 17:59:25 +02:00
{
$acl->delete($app,'run',1);
$acl->add($app,'run',1);
}
$acl->save_repository();
} //end default group creation
}
$setup_complete = True;
}
$GLOBALS['egw_setup']->html->show_header(lang('LDAP Import'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')');
2001-07-30 17:59:25 +02:00
2004-01-25 20:27:48 +01:00
if($error)
2001-07-30 17:59:25 +02:00
{
//echo '<br /><center><b>Error:</b> '.$error.'</center>';
$GLOBALS['egw_setup']->html->show_alert_msg('Error',$error);
2001-07-30 17:59:25 +02:00
}
2004-01-25 20:27:48 +01:00
if($setup_complete)
2001-07-30 17:59:25 +02:00
{
echo '<br /><center>'.lang('Import has been completed!').' '.lang('Click <a href="index.php">here</a> to return to setup.').'</center>';
$GLOBALS['egw_setup']->html->show_footer();
2001-07-30 17:59:25 +02:00
exit;
}
$setup_tpl->set_block('ldap','header','header');
$setup_tpl->set_block('ldap','user_list','user_list');
$setup_tpl->set_block('ldap','admin_list','admin_list');
$setup_tpl->set_block('ldap','group_list','group_list');
$setup_tpl->set_block('ldap','app_list','app_list');
$setup_tpl->set_block('ldap','submit','submit');
$setup_tpl->set_block('ldap','footer','footer');
2004-01-25 20:27:48 +01:00
while(list($key,$account) = each($account_info))
2001-07-30 17:59:25 +02:00
{
$user_list .= '<option value="' . $account['account_id'] . '">'
. $common->display_fullname($account['account_lid'],$account['account_firstname'],$account['account_lastname'])
. '</option>';
}
@reset($account_info);
2004-01-25 20:27:48 +01:00
while(list($key,$account) = each($account_info))
2001-07-30 17:59:25 +02:00
{
$admin_list .= '<option value="' . $account['account_lid'] . '">'
. $common->display_fullname($account['account_lid'],$account['account_firstname'],$account['account_lastname'])
. '</option>';
}
2004-01-25 20:27:48 +01:00
while(list($key,$group) = each($group_info))
2001-07-30 17:59:25 +02:00
{
$group_list .= '<option value="' . $group['account_id'] . '">'
. $group['account_lid']
. '</option>';
}
2002-05-14 15:43:34 +02:00
while(list($appname,$apptitle) = each($apps))
2001-07-30 17:59:25 +02:00
{
2002-05-14 15:43:34 +02:00
if($appname == 'admin' ||
$appname == 'skel' ||
$appname == 'backup' ||
$appname == 'netsaint' ||
$appname == 'developer_tools' ||
$appname == 'phpsysinfo' ||
$appname == 'eldaptir' ||
$appname == 'qmailldap')
2001-07-30 17:59:25 +02:00
{
2002-05-14 15:43:34 +02:00
$app_list .= '<option value="' . $appname . '">' . $apptitle . '</option>';
2001-07-30 17:59:25 +02:00
}
else
{
$app_list .= '<option value="' . $appname . '" selected="selected">' . $apptitle . '</option>';
2001-07-30 17:59:25 +02:00
}
}
$setup_tpl->set_var('action_url','ldapimport.php');
$setup_tpl->set_var('users',$user_list);
$setup_tpl->set_var('admins',$admin_list);
$setup_tpl->set_var('ldapgroups',$group_list);
$setup_tpl->set_var('s_apps',$app_list);
$setup_tpl->set_var('ldap_import',lang('LDAP import users'));
2003-12-19 13:34:45 +01:00
$setup_tpl->set_var('description',lang("This section will help you import users and groups from your LDAP tree into eGroupWare's account tables").'.');
2001-07-30 17:59:25 +02:00
$setup_tpl->set_var('select_users',lang('Select which user(s) will be imported'));
$setup_tpl->set_var('select_admins',lang('Select which user(s) will have admin privileges'));
$setup_tpl->set_var('select_groups',lang('Select which group(s) will be imported (group membership will be maintained)'));
$setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.');
$setup_tpl->set_var('note',lang('Note: You will be able to customize this later').'.');
$setup_tpl->set_var('form_submit','import');
$setup_tpl->set_var('cancel',lang('Cancel'));
$setup_tpl->pfp('out','header');
$setup_tpl->pfp('out','user_list');
$setup_tpl->pfp('out','admin_list');
$setup_tpl->pfp('out','group_list');
$setup_tpl->pfp('out','app_list');
$setup_tpl->pfp('out','submit');
$setup_tpl->pfp('out','footer');
$GLOBALS['egw_setup']->html->show_footer();
2001-07-30 17:59:25 +02:00
?>