From 2353439517c1e8d4b68d2cbe1afcc02dfead69eb Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Mon, 25 Jun 2018 14:40:38 +0200
Subject: [PATCH] WIP account-migration incl. mail-attributes AD --> SQL --> Univentionapi/src/Accounts*
---
 setup/account_migration.php | 9 +++++++--
 setup/inc/class.setup_cmd_ldap.inc.php | 21 ++++++++++++++++++++-
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/setup/account_migration.php b/setup/account_migration.php
index 29a748190f..2ec39f6c17 100644
--- a/setup/account_migration.php
+++ b/setup/account_migration.php
@@ -45,7 +45,8 @@ if (!is_object($GLOBALS['egw_setup']->db))
 }
 // Load configuration values account_repository and auth_type, as setup has not yet done so
 foreach($GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',
- "config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR config_name='auth_type' OR config_name='mail_suffix' OR config_name LIKE 'ads_%'",
+ "config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR ".
+ "config_name IN ('auth_type','install_id','mail_suffix') OR config_name LIKE 'ads_%'",
 __LINE__,__FILE__) as $row)
 {
 $GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value'];
@@ -58,7 +59,7 @@ if (!$from && !($from = $GLOBALS['egw_info']['server']['auth_type']))
 $to = $from == 'sql' ? 'ldap' : 'sql';
 // for Univention: cant check /etc/lsb-release, because it's not in open_basedir!
-if ($to == 'ldap' && @file_exists('/usr/share/univention-directory-manager-tools'))
+if ($to == 'ldap' && Api\Accounts\Univention::available())
 {
 $to = 'univention';
 }
@@ -154,6 +155,9 @@ if (!$_POST['migrate'] && !$_POST['passwords2sql'])
 }
 else // do the migration
 {
+ // switching off execution time limit, as migration can take quite some time
+ @set_time_limit(0);
+
 $cmd->only = (array)$_POST['users'];
 if (empty($_POST['passwords2sql'])) $cmd->only = array_merge($cmd->only, (array)$_POST['groups']);
 $cmd->verbose = true;
@@ -163,6 +167,7 @@ else // do the migration
 if ($_POST['migrate'])
 {
 Api\Config::save_value('account_repository', $GLOBALS['egw_info']['server']['account_repository']=$to, 'phpgwapi');
+ if ($to == 'univention') $to = 'ldap'; // there is no auth type "univention", just "ldap"
 if (empty($GLOBALS['egw_info']['server']['auth_type']) || $GLOBALS['egw_info']['server']['auth_type'] == $from)
 {
 Api\Config::save_value('auth_type', $GLOBALS['egw_info']['server']['auth_type']=$to, 'phpgwapi');
diff --git a/setup/inc/class.setup_cmd_ldap.inc.php b/setup/inc/class.setup_cmd_ldap.inc.php
index a27e99288c..ee344ede35 100644
--- a/setup/inc/class.setup_cmd_ldap.inc.php
+++ b/setup/inc/class.setup_cmd_ldap.inc.php
@@ -50,6 +50,12 @@ use EGroupware\Api;
 * ldap_context=ou=accounts,dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost
 *
 * - updating passwords for existing users in SQL from LDAP, eg. to switch off authentication to LDAP on a SQL install.
+ *
+ * - migrate whole domain from AD to Univention:
+ * 1. migrate from AD --> SQL including mail-attributes
+ * 2. optionaly fix user-names etc in SQL
+ * 3. migrate from SQL --> Univention (make sure NOT to select existing users like "join-backup/slaves"
+ * and delete "anonymous" user from EGroupware App install in UCS)
 */
 class setup_cmd_ldap extends setup_cmd
 {
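Review bot: In setup/account_migration.php (hunk `@@ -154,6 +155,9 @@`) the `@` in front of `set_time_limit(0)` hides the case where the limit cannot be lifted, so a long run can still be killed part-way with only some of `$_POST['users']` and `$_POST['groups']` written to the target and nothing in the output to say why. Checking the result keeps that visible, e.g. `if (!@set_time_limit(0)) error_log('account migration: could not lift execution time limit');`. Lifting the limit does not cover a dropped browser connection; if that should not interrupt the migration either, `ignore_user_abort(true);` belongs next to it. The else-branch continues past the end of the hunk.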
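Review bot: In setup/account_migration.php (hunk `@@ -163,6 +167,7 @@`) overwriting `$to` with 'ldap' changes the meaning of the variable for everything that follows in this branch, right after `account_repository` was saved from it as 'univention'. Any later read of `$to` outside the hunk would now see the auth type instead of the account backend. A dedicated variable keeps the two settings apart: `$auth_type = $to == 'univention' ? 'ldap' : $to;`, passed to the `save_value('auth_type', …)` call. The surrounding `if ($_POST['migrate'])` block ends outside the hunk.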
@@ -517,6 +523,19 @@ class setup_cmd_ldap extends setup_cmd
 $errors++;
 continue;
 }
+ if ($accounts_obj->exists($account['account_lid']))
+ {
+ $msg[] = lang('%1 already exists in %2.',
+ lang('User').' '.$account['account_lid'].' ('.$account_id.')', $target);
+ $errors++;
+ continue;
+ }
+ if ($to == 'univention' && in_array($account['account_lid'], array('root')))
+ {
+ $msg[] = lang('%1 not allowed to create in Univention.', $what);
+ $errors++;
+ continue;
+ }
 if ($to != 'sql')
 {
 if ($GLOBALS['egw_info']['server']['ldap_extra_attributes'])
@@ -668,7 +687,7 @@ class setup_cmd_ldap extends setup_cmd
 $addressbook = new Api\Contacts\Storage();
 foreach($this->as_array() as $name => $value)
 {
- if (substr($name, 5) == 'ldap_')
+ if (substr($name, 5) == 'ldap_' || substr($name, 4) == 'ads_')
 {
 $GLOBALS['egw_info']['server'][$name] = $value;
 }
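Review bot: The reserved-name guard in hunk `@@ -517,6 +523,19 @@`, `in_array($account['account_lid'], array('root'))`, is a case-sensitive and loosely typed comparison, so a source account named `Root` would pass it. Whether the Univention backend treats login names case-insensitively is not visible here, but directory lookups commonly do. Suggested form: `in_array(strtolower($account['account_lid']), array('root'), true)`. The message in that branch also uses `$what`, which is not assigned anywhere in the hunk, while the `exists()` branch just above builds its label inline. If `$what` is not set earlier in the loop, the message will be empty or carry a value from a previous iteration. The enclosing loop starts and ends outside the hunk.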
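Review bot: In hunk `@@ -668,7 +687,7 @@`, `substr($name, 5) == 'ldap_'` and the added `substr($name, 4) == 'ads_'` compare what comes after the offset, not the prefix. Neither test matches a name such as `ldap_host`, so the values from `$this->as_array()` are not copied into `$GLOBALS['egw_info']['server']`. The prefix test is `substr($name, 0, 5) == 'ldap_' || substr($name, 0, 4) == 'ads_'` (or `strpos($name, 'ldap_') === 0`). As written, the code after the loop presumably runs with whatever directory settings were already loaded rather than the ones given to the command, which matters when the command is meant to target a different host or bind account. The enclosing method is only partly visible in the hunk.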