< ? php
/**
 * EGroupware Setup - Account migration between SQL <--> LDAP (incl. AD and Univention)
 *
 * The migration is done from the account-repository configured for EGroupware!
 *
 * @link http://www.egroupware.org
 * @package setup
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 */
use EGroupware\Api ;
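include('./inc/functions.inc.php');

// Authorize the user to use setup app and load the database.
// This is the only access gate of the page: a request that is not authenticated for
// the setup 'Config' area, or an authenticated "Cancel", is redirected to the index.
// !empty() is used because 'cancel' is absent on a normal page load; reading it
// directly raises an undefined-index warning, which discloses the script path when
// display_errors is enabled.
if (!$GLOBALS['egw_setup']->auth('Config') || !empty($_POST['cancel']))
{
	header('Location: index.php');
	// The redirect alone does not stop execution; exit keeps everything below
	// (config load, migration) unreachable for a rejected request.
	exit;
}
// Does not return unless user is authorized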
// Locate the template directory of the setup app and build the template engine on it
$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = new Api\Framework\Template($tpl_root);

// Register every template file this page renders, keyed by the handle used below
$setup_tpl->set_file([
	'migration'   => 'account_migration.tpl',
	'T_head'      => 'head.tpl',
	'T_footer'    => 'footer.tpl',
	'T_alert_msg' => 'msg_alert_msg.tpl',
]);
// Put a CSRF token issued for this script (__FILE__) into the form as a hidden input
$setup_tpl->set_var(
	'hidden_vars',
	Api\Html::input_hidden('csrf_token', Api\Csrf::token(__FILE__))
);

// check CSRF token for POST requests with any content (setup uses empty POST to call its modules!)
// GET requests and empty POSTs skip this check, so every state-changing action further
// down has to depend on a posted field (it does: 'migrate' / 'passwords2sql').
// NOTE(review): the result of validate() is not inspected here, so this relies on
// validate() itself aborting the request on a bad or missing token - confirm.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST)
{
	Api\Csrf::validate($_POST['csrf_token'], __FILE__);
}
// determine from where we migrate to what

// Make sure a database connection object exists before querying the config table
if (!is_object($GLOBALS['egw_setup']->db))
{
	$GLOBALS['egw_setup']->loaddb();
}

// Load configuration values account_repository and auth_type, as setup has not yet done so.
// The WHERE clause is a constant literal: no request data is mixed into the SQL.
// It matches all ldap*, account_*, *encryption*, ads_* keys plus auth_type and mail_suffix,
// so directory credentials such as ldap_root_pw end up in $GLOBALS['egw_info']['server'];
// avoid dumping that array into logs or debug output.
foreach (
	$GLOBALS['egw_setup']->db->select(
		$GLOBALS['egw_setup']->config_table,
		'config_name,config_value',
		" config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR config_name='auth_type' OR config_name='mail_suffix' OR config_name LIKE 'ads_%' ",
		__LINE__,
		__FILE__
	) as $row
)
{
	$GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value'];
}
// Source repository: the configured account_repository, else the auth_type, else 'sql'
$from = $GLOBALS['egw_info']['server']['account_repository']
	?: ($GLOBALS['egw_info']['server']['auth_type'] ?: 'sql');

// Target repository: anything that is not SQL migrates to SQL, SQL migrates to a directory
if ($from == 'sql')
{
	$to = 'ldap';
	// for Univention: cant check /etc/lsb-release, because it's not in open_basedir!
	// The UDM tools directory is used as the marker instead; @ hides the warning
	// raised when that path is not accessible either.
	if (@file_exists('/usr/share/univention-directory-manager-tools'))
	{
		$to = 'univention';
	}
}
else
{
	$to = 'sql';
}

// Human readable direction, e.g. "SQL --> LDAP", used as page title and button label
$direction = sprintf('%s --> %s', strtoupper($from), strtoupper($to));

$GLOBALS['egw_setup']->html->show_header(
	$direction,
	false,
	'config',
	$GLOBALS['egw_setup']->ConfigDomain .
		'(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')'
);
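// create base one level off ldap_context
// NOTE(review): a plain explode(',') also splits inside an RDN value that contains an
// escaped comma ("\,"); fine for simple contexts, confirm for unusual DNs.
$base_parts = explode(',', $GLOBALS['egw_info']['server']['ldap_context']);
array_shift($base_parts);

// Build the migration command. The keys given explicitly here take precedence over the
// stored configuration, because the array union (+) keeps the left-hand value.
$cmd = new setup_cmd_ldap(array(
	'domain' => $GLOBALS['egw_setup']->ConfigDomain,
	// 'passwords2sql' is only posted when that button was pressed; !empty() matches the
	// other request checks in this array and avoids an undefined-index warning.
	'sub_command' => !empty($_POST['passwords2sql']) ? 'passwords_to_sql' : 'migrate_to_'.$to,
	// allow to set ldap root DN (ldap_admin) to create instance specific admin DN and structure
	// Both values come from the request and are used as bind credentials only when a DN
	// was submitted; otherwise the configured root DN and password are used. A posted DN
	// without a password yields null instead of an undefined-index warning.
	'ldap_admin' => !empty($_POST['ldap_admin']) ? $_POST['ldap_admin'] : $GLOBALS['egw_info']['server']['ldap_root_dn'],
	'ldap_admin_pw' => !empty($_POST['ldap_admin']) ?
		(isset($_POST['ldap_admin_pw']) ? $_POST['ldap_admin_pw'] : null) :
		$GLOBALS['egw_info']['server']['ldap_root_pw'],
	'ldap_base' => implode(',', $base_parts),
	// destructive option: only set when the checkbox was explicitly ticked
	'truncate_egw_accounts' => !empty($_POST['truncate_egw_accounts']),
) + $GLOBALS['egw_info']['server']);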
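// Two modes: without a pressed submit button the account selection form is shown,
// otherwise the migration (or the password copy) is executed.
// empty() avoids undefined-index warnings on the initial GET request.
if (empty($_POST['migrate']) && empty($_POST['passwords2sql']))
{
	$accounts = $cmd->accounts($from);

	// Initialise the accumulators, so the .= below and the later truth tests never
	// touch undefined variables.
	$user_list = $group_list = $identical_account_id_warning = '';

	// now outputting the account selection
	$setup_tpl->set_block('migration', 'header', 'header');
	$setup_tpl->set_block('migration', 'user_list', 'user_list');
	$setup_tpl->set_block('migration', 'group_list', 'group_list');
	$setup_tpl->set_block('migration', 'ldap_admin', 'ldap_admin');
	$setup_tpl->set_block('migration', 'submit', 'submit');
	$setup_tpl->set_block('migration', 'footer', 'footer');
	$setup_tpl->set_block('migration', 'truncate_egw_accounts', 'truncate_egw_accounts');

	foreach($accounts as $account_id => $account)
	{
		// Account names originate from the account repository (SQL or directory) and are
		// not under the control of this page, so everything written into the markup is
		// HTML-escaped before it is concatenated.
		$option_value = htmlspecialchars((string)$account_id, ENT_QUOTES, 'UTF-8');

		if ($account['account_type'] == 'g')
		{
			// Groups carry negative ids; a user with the same absolute id collides in SQL
			if (isset($accounts[abs($account_id)]))
			{
				$identical_account_id_warning .= lang('Group %1 uses identical ID %2 as user %3!',
					htmlspecialchars($account['account_lid'], ENT_QUOTES, 'UTF-8'),
					abs($account_id),
					htmlspecialchars($accounts[abs($account_id)]['account_lid'], ENT_QUOTES, 'UTF-8'));
			}
			$group_list .= '<option value="'.$option_value.'" selected="1">'.
				htmlspecialchars($account['account_lid'], ENT_QUOTES, 'UTF-8')."</option>\n";
		}
		else
		{
			$user_list .= '<option value="'.$option_value.'" selected="1">'.
				htmlspecialchars(Api\Accounts::format_username($account['account_lid'],
					$account['account_firstname'], $account['account_lastname']), ENT_QUOTES, 'UTF-8').
				"</option>\n";
		}
	}
	$setup_tpl->set_var('action_url', 'account_migration.php');
	$setup_tpl->set_var('users', $user_list);
	$setup_tpl->set_var('groups', $group_list);

	$setup_tpl->set_var('description', lang('Migration between EGroupware account repositories').': '.$direction);
	$setup_tpl->set_var('select_users', lang('Select which user(s) will be exported'));
	$setup_tpl->set_var('select_groups', lang('Select which group(s) will be exported'));
	// The warning text was built from escaped account names above
	$setup_tpl->set_var('memberships', $identical_account_id_warning ?
		'<p style="color: red">'.$identical_account_id_warning.'<br/>'.lang('Migration of group will fail, as SQL does NOT allow identical IDs.').'</p>' :
		lang('Group memberships will be migrated too.'));
	$setup_tpl->set_var('ldap_admin_message', lang('Give LDAP root DN and password, if you need to create an instance specific admin user, user- or group-context'));
	$setup_tpl->set_var('ldap_admin_label', lang('Root DN'));
	$setup_tpl->set_var('ldap_admin_pw_label', lang('Root DN password'));
	$setup_tpl->set_var('migrate', $direction);
	$setup_tpl->set_var('cancel', lang('Cancel'));
	// Offer the password-only copy when accounts are in SQL but authentication still uses LDAP
	if ($from == 'sql' && $GLOBALS['egw_info']['server']['auth_type'] == 'ldap')
	{
		$setup_tpl->set_var('extra_button', Api\Html::submit_button('passwords2sql', lang('Passwords --> SQL')));
	}

	$setup_tpl->pfp('out', 'header');
	if ($user_list)
	{
		$setup_tpl->pfp('out', 'user_list');
	}
	if ($group_list)
	{
		$setup_tpl->pfp('out', 'group_list');
	}
	if ($to == 'ldap')
	{
		$setup_tpl->pfp('out', 'ldap_admin');
	}
	if ($to == 'sql')
	{
		$setup_tpl->set_var('truncate_egw_accounts_message', lang('Delete all existing accounts from SQL database'));
		$setup_tpl->pfp('out', 'truncate_egw_accounts');
	}
	$setup_tpl->pfp('out', 'submit');
	$setup_tpl->pfp('out', 'footer');
}
else	// do the migration
{
	// Restrict the command to the ids submitted by the form; groups are only added for a
	// real migration, not for the password copy.
	// NOTE(review): the ids are request data and are passed on unvalidated - presumably
	// setup_cmd_ldap only uses them to filter accounts it read itself; confirm.
	$cmd->only = isset($_POST['users']) ? (array)$_POST['users'] : array();
	if (empty($_POST['passwords2sql']))
	{
		$cmd->only = array_merge($cmd->only, isset($_POST['groups']) ? (array)$_POST['groups'] : array());
	}
	$cmd->verbose = true;
	// NOTE(review): the command output is written into the page as HTML without escaping;
	// if it can contain account names or directory error strings, it should be escaped
	// here or inside run() - confirm what run() returns.
	echo '<p align="center">'.str_replace("\n", "</p>\n<p align='center'>", $cmd->run())."</p>\n";

	// store new repository (and auth_type), as we are migrated now
	// NOTE(review): this happens whenever run() returns, whatever it returned, so it relies
	// on run() throwing on failure; otherwise a failed migration still switches the
	// repository - confirm.
	if (!empty($_POST['migrate']))
	{
		$GLOBALS['egw_info']['server']['account_repository'] = $to;
		Api\Config::save_value('account_repository', $to, 'phpgwapi');

		// auth_type only follows when it was unset or identical to the old repository
		if (empty($GLOBALS['egw_info']['server']['auth_type']) || $GLOBALS['egw_info']['server']['auth_type'] == $from)
		{
			$GLOBALS['egw_info']['server']['auth_type'] = $to;
			Api\Config::save_value('auth_type', $to, 'phpgwapi');
		}
	}
	echo '<p align="center">'.lang('Click <a href="index.php">here</a> to return to setup.')."</p>\n";
}
$GLOBALS['egw_setup']->html->show_footer();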