* AD/LDAP: account import supports now (keeping) local groups and their memberships, if configured to do so

This commit is contained in:
ralf 2023-02-24 09:47:27 +01:00
parent 9fa67c22a1
commit 190c785388
4 changed files with 16 additions and 7 deletions

View File

@ -158,7 +158,7 @@ class Import
{ {
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!"); throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
} }
if (!in_array($type = $GLOBALS['egw_info']['server']['account_import_type'], ['users', 'users+groups'])) if (!in_array($type = $GLOBALS['egw_info']['server']['account_import_type'], ['users', 'users+groups', 'users+local+groups']))
{ {
throw new \InvalidArgumentException("Invalid account_import_type='{$GLOBALS['egw_info']['server']['account_import_type']}'!"); throw new \InvalidArgumentException("Invalid account_import_type='{$GLOBALS['egw_info']['server']['account_import_type']}'!");
} }
@ -183,7 +183,8 @@ class Import
if (in_array('groups', explode('+', $type))) if (in_array('groups', explode('+', $type)))
{ {
foreach($this->groups($initial_import ? null : $GLOBALS['egw_info']['server']['account_import_lastrun'], foreach($this->groups($initial_import ? null : $GLOBALS['egw_info']['server']['account_import_lastrun'],
$delete, $groups, $set_members, $dry_run) as $name => $val) in_array('local', explode('+', $type)) ? 'no' : $delete,
$groups, $set_members, $dry_run) as $name => $val)
{ {
$$name += $val; $$name += $val;
} }
@ -646,11 +647,8 @@ class Import
} }
$groups[$sql_id] = $group['account_lid']; $groups[$sql_id] = $group['account_lid'];
// if we only get modified groups, we need to record and return the id's to update members, AFTER users are created/updated // we need to record and return the id's to update members, AFTER users are created/updated
if ($modified) $set_members[$sql_id] = $this->accounts->read($group['account_id'])['members'];
{
$set_members[$sql_id] = $this->accounts->read($group['account_id'])['members'];
}
} }
// delete the groups not returned from LDAP, groups can NOT be deactivated, we just delete them in the DB // delete the groups not returned from LDAP, groups can NOT be deactivated, we just delete them in the DB

View File

@ -270,6 +270,7 @@ domain-name setup de Domainname
don't change, if you already stored files! you will loose them! setup de Nicht ändern, wenn Sie bereits Dateien gespeichert haben! Sie werden Sie verlieren! don't change, if you already stored files! you will loose them! setup de Nicht ändern, wenn Sie bereits Dateien gespeichert haben! Sie werden Sie verlieren!
dont touch my data setup de Meine Daten nicht verändern dont touch my data setup de Meine Daten nicht verändern
download setup de Herunterladen download setup de Herunterladen
dry-run (only show what would happen) setup de Testlauf (zeige nur an was gemacht würde)
easiest way under win2008r2 is to add role "active directory certificate services" and reboot. setup de Unter Win2008r2 geht das am einfachsten durch hinzufügen der Rolle "Active Directory-Zertifikatsdienste" und neu starten. easiest way under win2008r2 is to add role "active directory certificate services" and reboot. setup de Unter Win2008r2 geht das am einfachsten durch hinzufügen der Rolle "Active Directory-Zertifikatsdienste" und neu starten.
edit current configuration setup de Gegenwärtige Konfiguration überarbeiten edit current configuration setup de Gegenwärtige Konfiguration überarbeiten
edit your existing header.inc.php setup de Bearbeiten Ihrer existierenden header.inc.php edit your existing header.inc.php setup de Bearbeiten Ihrer existierenden header.inc.php
@ -339,6 +340,7 @@ go to setup de Gehen zu
grant access setup de Zugriff gewähren grant access setup de Zugriff gewähren
group setup de Gruppe group setup de Gruppe
group %1 uses identical id %2 as user %3! setup de Gruppe %1 verwendet die identische ID %2 wie Benutzer %3! group %1 uses identical id %2 as user %3! setup de Gruppe %1 verwendet die identische ID %2 wie Benutzer %3!
group context setup de Gruppen Kontext
group memberships will be migrated too. setup de Gruppenmitgliedschaften werden auch migriert. group memberships will be migrated too. setup de Gruppenmitgliedschaften werden auch migriert.
has a version mismatch setup de hat eine falsche Versionsanpassung has a version mismatch setup de hat eine falsche Versionsanpassung
header admin login setup de Login Headerverwaltung header admin login setup de Login Headerverwaltung
@ -427,6 +429,7 @@ limit access setup de Zugang beschränken
limit access to setup to the following addresses, networks or hostnames (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org) setup de Zugang zu Setup auf die folgenden IP Adressen, Netzwerke oder Hostnamen beschränken (z.B. 127.0.0.1,10.1.1,myhost.dnydns.org) limit access to setup to the following addresses, networks or hostnames (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org) setup de Zugang zu Setup auf die folgenden IP Adressen, Netzwerke oder Hostnamen beschränken (z.B. 127.0.0.1,10.1.1,myhost.dnydns.org)
list availible values setup de Listen der verfügbaren Werte list availible values setup de Listen der verfügbaren Werte
list of availible translations setup de Liste der verfügbaren Sprachen list of availible translations setup de Liste der verfügbaren Sprachen
local groups includes groups and their memberships deleted on the ad/ldap server! setup de Lokale Gruppen enthalten auch Gruppen und deren Mitgliedschaften die auf dem AD/LDAP Server gelöscht wurden!
login as user postgres, eg. by using su as root setup de Als Benutzer postgres einlogen, zB. durch benutzen von su als root login as user postgres, eg. by using su as root setup de Als Benutzer postgres einlogen, zB. durch benutzen von su als root
login to mysql - setup de mysql aufrufen - login to mysql - setup de mysql aufrufen -
loginname needed for domain configuration setup de Benutzername für die Konfiguration der Domain loginname needed for domain configuration setup de Benutzername für die Konfiguration der Domain
@ -723,9 +726,11 @@ upload backup setup de Datensicherung hochladen
uploads a backup and installs it on your db setup de lädt eine Datensicherung hoch und installiert sie auf Ihrer DB uploads a backup and installs it on your db setup de lädt eine Datensicherung hoch und installiert sie auf Ihrer DB
uploads a backup to the backup-dir, from where you can restore it setup de Laden Sie eine Datensicherung in das Datensicherungsverzeichnis, von wo sie diese zurücksichern können uploads a backup to the backup-dir, from where you can restore it setup de Laden Sie eine Datensicherung in das Datensicherungsverzeichnis, von wo sie diese zurücksichern können
usage: %1 command [additional options] setup de Aufruf: %1 Kommando [zusätzliche Optionen] usage: %1 command [additional options] setup de Aufruf: %1 Kommando [zusätzliche Optionen]
use %u for username, leave empty to no set setup de Benutzer %u für den Benutzernamen, leer lassen um nichts zu setzen
use --create-header to create the configuration file (--usage gives more options). setup de Benutzen Sie --create-header um die Konfigurationsdatei anzulegen (--usage gibt mehr Optionen). use --create-header to create the configuration file (--usage gives more options). setup de Benutzen Sie --create-header um die Konfigurationsdatei anzulegen (--usage gibt mehr Optionen).
use --install to install egroupware. setup de Benutzen Sie --install um EGroupware zu installieren. use --install to install egroupware. setup de Benutzen Sie --install um EGroupware zu installieren.
use --update to do so. setup de Benutzen Sie --update dafür. use --update to do so. setup de Benutzen Sie --update dafür.
use account description to store saml username setup de Benutze Beschreibung des Benutzers um den SAML Benutzernamen zu speichern
use cookies to pass sessionid setup de SitzungsId in einem Cookie speichern use cookies to pass sessionid setup de SitzungsId in einem Cookie speichern
use mcrypt to crypt session-data: {off(default) | on},[mcrypt-init-vector(default randomly generated)],[mcrypt-version] setup de benutze mcrypt zur Verschlüsselung der Sitzungsdaten: {off(Vorgabe) | on},[mcrypt Initialisierung(Vorgabe ist zufällig erzeugt)],[mcrypt Version] use mcrypt to crypt session-data: {off(default) | on},[mcrypt-init-vector(default randomly generated)],[mcrypt-version] setup de benutze mcrypt zur Verschlüsselung der Sitzungsdaten: {off(Vorgabe) | on},[mcrypt Initialisierung(Vorgabe ist zufällig erzeugt)],[mcrypt Version]
use persistent db connections: {on(default) | off} setup de benutze permanente Datenbankverbindung: {on(Vorgabe) | off} use persistent db connections: {on(default) | off} setup de benutze permanente Datenbankverbindung: {on(Vorgabe) | off}
@ -741,6 +746,7 @@ usernames (comma-separated) which can get vfs root access (beside setup user) se
usernames are casesensitive setup de Benutzername mit Unterscheidung zwischen Groß- und Kleinschreibung usernames are casesensitive setup de Benutzername mit Unterscheidung zwischen Groß- und Kleinschreibung
users choice setup de Benutzerauswahl users choice setup de Benutzerauswahl
users, groups and memberships setup de Benutzer, Gruppen und Mitgliedschaften users, groups and memberships setup de Benutzer, Gruppen und Mitgliedschaften
users, groups and memberships, keep local groups setup de Benutzer, Gruppen und Mitgliedschaften, erlaube lokale Gruppen
usually more annoying.<br />admins can use admin >> manage accounts or groups to give access to further apps. setup de Normalerweise mehr ärgerlich als nützlich<br /> usually more annoying.<br />admins can use admin >> manage accounts or groups to give access to further apps. setup de Normalerweise mehr ärgerlich als nützlich<br />
utf-8 (unicode) setup de utf-8 (Unicode) utf-8 (unicode) setup de utf-8 (Unicode)
validation errors setup de Fehler bei der Prüfung der Eingaben validation errors setup de Fehler bei der Prüfung der Eingaben

View File

@ -271,6 +271,7 @@ domain-name setup en Domain name
don't change, if you already stored files! you will loose them! setup en Don't change, if you already stored files! You will loose them! don't change, if you already stored files! you will loose them! setup en Don't change, if you already stored files! You will loose them!
dont touch my data setup en Don't touch my data dont touch my data setup en Don't touch my data
download setup en Download download setup en Download
dry-run (only show what would happen) setup en Dry-run (only show what would happen)
easiest way under win2008r2 is to add role "active directory certificate services" and reboot. setup en Easiest way under win2008r2 is to add role "Active Directory Certificate Services" and reboot. easiest way under win2008r2 is to add role "active directory certificate services" and reboot. setup en Easiest way under win2008r2 is to add role "Active Directory Certificate Services" and reboot.
edit current configuration setup en Edit current configuration edit current configuration setup en Edit current configuration
edit your existing header.inc.php setup en Edit your existing header.inc.php edit your existing header.inc.php setup en Edit your existing header.inc.php
@ -342,6 +343,7 @@ go to setup en Go to
grant access setup en Grant access grant access setup en Grant access
group setup en Group group setup en Group
group %1 uses identical id %2 as user %3! setup en Group %1 uses identical ID %2 as user %3! group %1 uses identical id %2 as user %3! setup en Group %1 uses identical ID %2 as user %3!
group context setup en Group context
group memberships will be migrated too. setup en Group memberships will be migrated too. group memberships will be migrated too. setup en Group memberships will be migrated too.
has a version mismatch setup en Has a version mismatch has a version mismatch setup en Has a version mismatch
header admin login setup en Header admin login header admin login setup en Header admin login
@ -431,6 +433,7 @@ limit access setup en Limit access
limit access to setup to the following addresses, networks or hostnames (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org) setup en Limit access to setup to the following addresses, networks or host names (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org) limit access to setup to the following addresses, networks or hostnames (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org) setup en Limit access to setup to the following addresses, networks or host names (e.g. 127.0.0.1,10.1.1,myhost.dnydns.org)
list availible values setup en List available values list availible values setup en List available values
list of availible translations setup en List of available translations list of availible translations setup en List of available translations
local groups includes groups and their memberships deleted on the ad/ldap server! setup en Local groups includes groups and their memberships deleted on the AD/LDAP server!
login as user postgres, eg. by using su as root setup en Login as user postgres, eg. by using su as root login as user postgres, eg. by using su as root setup en Login as user postgres, eg. by using su as root
login to mysql - setup en Login to mysql - login to mysql - setup en Login to mysql -
loginname needed for domain configuration setup en Login name needed for domain configuration loginname needed for domain configuration setup en Login name needed for domain configuration
@ -747,6 +750,7 @@ usernames (comma-separated) which can get vfs root access (beside setup user) se
usernames are casesensitive setup en User names are case sensitive usernames are casesensitive setup en User names are case sensitive
users choice setup en Users choice users choice setup en Users choice
users, groups and memberships setup en users, groups and memberships users, groups and memberships setup en users, groups and memberships
users, groups and memberships, keep local groups setup en users, groups and memberships, keep local groups
usually more annoying.<br />admins can use admin >> manage accounts or groups to give access to further apps. setup en Usually more annoying.<br />Admins can use Admin >> Manage accounts or groups to give access to further apps. usually more annoying.<br />admins can use admin >> manage accounts or groups to give access to further apps. setup en Usually more annoying.<br />Admins can use Admin >> Manage accounts or groups to give access to further apps.
utf-8 (unicode) setup en utf-8 (Unicode) utf-8 (unicode) setup en utf-8 (Unicode)
validation errors setup en Validation errors validation errors setup en Validation errors

View File

@ -473,6 +473,7 @@
<select name="newsettings[account_import_type]"> <select name="newsettings[account_import_type]">
<option value="users" {selected_account_import_type_users}>{lang_just_users}</option> <option value="users" {selected_account_import_type_users}>{lang_just_users}</option>
<option value="users+groups" {selected_account_import_type_users+groups}>{lang_users,_groups_and_memberships}</option> <option value="users+groups" {selected_account_import_type_users+groups}>{lang_users,_groups_and_memberships}</option>
<option value="users+local+groups" {selected_account_import_type_users+local+groups} title="{lang_Local_groups_includes_groups_and_their_memberships_deleted_on_the_AD/LDAP_server!}">{lang_users,_groups_and_memberships,_keep_local_groups}</option>
</select> </select>
</td> </td>
</tr> </tr>