From 4309b73787d951ba63f9f8808017bcc09dfb799d Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Sun, 12 Nov 2006 19:14:33 +0000
Subject: [PATCH] fix from moe-AT-no-prob.de
---
setup/ldapmodify.php | 433 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 433 insertions(+)
create mode 100644 setup/ldapmodify.php
diff --git a/setup/ldapmodify.php b/setup/ldapmodify.php
new file mode 100644
index 0000000000..c66e1eb0e8
--- /dev/null
+++ b/setup/ldapmodify.php
@@ -0,0 +1,433 @@ + array( + 'noheader' => True, + 'nonavbar' => True, + 'currentapp' => 'home', + 'noapi' => True + )); + include('./inc/functions.inc.php'); + + /* Authorize the user to use setup app and load the database */ + if(!$GLOBALS['egw_setup']->auth('Config')) + { + Header('Location: index.php'); + exit; + } + /* Does not return unless user is authorized */ + + class egw + { + var $common; + var $accounts; + var $applications; + var $db; + } + $GLOBALS['egw'] = new egw; + $GLOBALS['egw']->common = CreateObject('phpgwapi.common'); + + $common = $GLOBALS['egw']->common; + $GLOBALS['egw_setup']->loaddb(); + $GLOBALS['egw']->db = clone($GLOBALS['egw_setup']->db); + + $tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); + $setup_tpl = CreateObject('setup.Template',$tpl_root); + $setup_tpl->set_file(array( + 'ldap' => 'ldap.tpl', + 'T_head' => 'head.tpl', + 'T_footer' => 'footer.tpl', + 'T_alert_msg' => 'msg_alert_msg.tpl' + )); + + $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array( + "config_name LIKE 'ldap%' OR config_name='account_repository'", + ),__LINE__,__FILE__); + while($GLOBALS['egw_setup']->db->next_record()) + { + $config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value'); + } + $GLOBALS['egw_info']['server']['ldap_host'] = $config['ldap_host']; + $GLOBALS['egw_info']['server']['ldap_context'] = $config['ldap_context']; + $GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context']; + $GLOBALS['egw_info']['server']['ldap_root_dn'] = $config['ldap_root_dn']; + $GLOBALS['egw_info']['server']['ldap_root_pw'] = $config['ldap_root_pw']; + $GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository']; + $GLOBALS['egw_info']['server']['ldap_version3'] = $config['ldap_version3']; + + $GLOBALS['egw']->accounts = CreateObject('phpgwapi.accounts'); + $acct = $GLOBALS['egw']->accounts; + + /* connect to ldap 
server */ + if(!$ldap = $common->ldapConnect()) + { + $noldapconnection = True; + } + + if($noldapconnection) + { + Header('Location: config.php?error=badldapconnection'); + exit; + } + + $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('cn','givenname','uid','uidnumber')); + $info = ldap_get_entries($ldap, $sr); + $tmp = ''; + + for($i=0; $i<$info['count']; $i++) + { + if(!$GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]]) + { + $account_info[$info[$i]['uidnumber'][0]] = $info[$i]; + } + } + + if($GLOBALS['egw_info']['server']['ldap_group_context']) + { + $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid')); + $info = ldap_get_entries($ldap, $srg); + $tmp = ''; + + for($i=0; $i<$info['count']; $i++) + { + if(!$GLOBALS['egw_info']['server']['global_denied_groups'][$info[$i]['cn'][0]] && + !$account_info[$i][$info[$i]['cn'][0]]) + { + $group_info[$info[$i]['gidnumber'][0]] = $info[$i]; + } + } + } + else + { + $group_info = array(); + } + + $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__); + while($GLOBALS['egw_setup']->db->next_record()) + { + $apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name')); + } + + if($cancel) + { + Header("Location: ldap.php"); + exit; + } + + $GLOBALS['egw_setup']->html->show_header(lang('LDAP Modify'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . 
')'); + $setup_complete = False; + if(isset($_POST['submit'])) + { + $acl = CreateObject('phpgwapi.acl'); + if(isset($_POST['ldapgroups'])) + { + $groups = CreateObject('phpgwapi.accounts'); + while(list($key,$groupid) = each($_POST['ldapgroups'])) + { + $id_exist = 0; + $entry = array(); + $thisacctid = $group_info[$groupid]['gidnumber'][0]; + $thisacctlid = $group_info[$groupid]['cn'][0]; + /* echo "Updating GROUPID : ".$thisacctlid."
\n"; */ + $thisfirstname = $group_info[$groupid]['cn'][0]; + $thismembers = $group_info[$groupid]['memberuid']; + $thisdn = $group_info[$groupid]['dn']; + + /* Do some checks before we try to import the data. */ + if(!empty($thisacctid) && !empty($thisacctlid)) + { + $groups->account_id = (int)$thisacctid; + + $sr = ldap_search($ldap,$config['ldap_group_context'],'cn='.$thisacctlid); + $entry = ldap_get_entries($ldap, $sr); + + reset($entry[0]['objectclass']); + $addclass = True; + while(list($key,$value) = each($entry[0]['objectclass'])) + { + if(strtolower($value) == 'phpgwaccount') + { + $addclass = False; + } + } + if($addclass) + { + reset($entry[0]['objectclass']); + $replace['objectclass'] = $entry[0]['objectclass']; + unset($replace['objectclass']['count']); + $replace['objectclass'][] = 'phpgwAccount'; + sort($replace['objectclass']); + ldap_mod_replace($ldap,$thisdn,$replace); + unset($replace); + unset($addclass); + } + unset($add); + if(!@isset($entry[0]['phpgwaccountstatus'])) + { + $add['phpgwaccountstatus'][] = 'A'; + } + if(!@isset($entry[0]['phpgwaccounttype'])) + { + $add['phpgwaccounttype'][] = 'g'; + } + if(!@isset($entry[0]['phpgwaccountexpires'])) + { + $add['phpgwaccountexpires'][] = -1; + } + if(@isset($add)) + { + ldap_mod_add($ldap,$thisdn,$add); + } + + /* Now make the members a member of this group in phpgw. */ + if(is_array($thismembers)) + { + foreach($thismembers as $key => $members) + { + if($key == 'count') + { + continue; + } + /* echo '
members: ' . $members; */ + $tmpid = 0; + @reset($account_info); + while(list($x,$y) = each($account_info)) + { + /* echo '
checking: '.$y['account_lid']; */ + if($members == $y['account_lid']) + { + $tmpid = $y['account_id']; + } + } + // Insert acls for this group based on memberuid field. + // Since the group has app rights, we don't need to give users + // these rights. Instead, we maintain group membership here. + if($tmpid) + { + $acl->account_id = (int)$tmpid; + $acl->read_repository(); + + $acl->delete('phpgw_group',$thisacctid,1); + $acl->add('phpgw_group',$thisacctid,1); + + // Now add the acl to let them change their password + $acl->delete('preferences','changepassword',1); + $acl->add('preferences','changepassword',1); + + $acl->save_repository(); + } + } + } + /* Now give this group some rights */ + $GLOBALS['egw_info']['user']['account_id'] = $thisacctid; + $acl->account_id = (int)$thisacctid; + $acl->read_repository(); + @reset($_POST['s_apps']); + while(list($key,$app) = @each($_POST['s_apps'])) + { + $acl->delete($app,'run',1); + $acl->add($app,'run',1); + } + $acl->save_repository(); + $defaultgroupid = $thisacctid; + } + } + } + + if(isset($_POST['users'])) + { + $accounts = CreateObject('phpgwapi.accounts'); + while(list($key,$id) = each($_POST['users'])) + { + $id_exist = 0; + $thisacctid = $account_info[$id]['uidnumber'][0]; + $thisacctlid = $account_info[$id]['uid'][0]; + /* echo "Updating USERID : ".$thisacctlid."
\n"; */ + $thisdn = $account_info[$id]['dn']; + + /* Do some checks before we try to import the data. */ + if(!empty($thisacctid) && !empty($thisacctlid)) + { + $accounts->account_id = (int)$thisacctid; + $sr = ldap_search($ldap,$config['ldap_context'],'uid='.$thisacctlid); + $entry = ldap_get_entries($ldap, $sr); + reset($entry[0]['objectclass']); + $addclass = True; + while(list($key,$value) = each($entry[0]['objectclass'])) + { + if(strtolower($value) == 'phpgwaccount') + { + $addclass = False; + } + } + if($addclass) + { + reset($entry[0]['objectclass']); + $replace['objectclass'] = $entry[0]['objectclass']; + unset($replace['objectclass']['count']); + $replace['objectclass'][] = 'phpgwAccount'; + sort($replace['objectclass']); + ldap_mod_replace($ldap,$thisdn,$replace); + unset($replace); + unset($addclass); + } + unset($add); + if(!@isset($entry[0]['phpgwaccountstatus'])) + { + $add['phpgwaccountstatus'][] = 'A'; + } + if(!@isset($entry[0]['phpgwaccounttype'])) + { + $add['phpgwaccounttype'][] = 'u'; + } + if(!@isset($entry[0]['phpgwaccountexpires'])) + { + $add['phpgwaccountexpires'][] = -1; + } + if(@isset($add)) + { + ldap_mod_add($ldap,$thisdn,$add); + } + + /* + Insert default acls for this user. + Since the group has app rights, we don't need to give users + these rights. + */ + $acl->account_id = (int)$thisacctid; + $acl->read_repository(); + + /* + However, if no groups were imported, we do need to give each user + apps access + */ + if(empty($_POST['ldapgroups'])) + { + @reset($_POST['s_apps']); + while(list($key,$app) = @each($_POST['s_apps'])) + { + $acl->delete($app,'run',1); + $acl->add($app,'run',1); + } + } + // Now add the acl to let them change their password + $acl->delete('preferences','changepassword',1); + $acl->add('preferences','changepassword',1); + + /* + Only give them admin if we asked for them to have it. + This is typically an exception to apps for run rights + as a group member. 
+ */ + for($a=0;$a<=count($_POST['admins']);$a++) + { + if($_POST['admins'][$a] == $thisacctid) + { + $acl->delete('admin','run',1); + $acl->add('admin','run',1); + } + } + /* Save these new acls. */ + $acl->save_repository(); + } + } + } + $setup_complete = True; + } + + if(isset($_GET['error'])) + { + /* echo '
Error: '.$error.'
'; */ + $GLOBALS['egw_setup']->html->show_alert_msg('Error',$_GET['error']); + } + + if($setup_complete) + { + echo '
'.lang('Modifications have been completed!').' '.lang('Click here to return to setup.').'
'; + $GLOBALS['egw_setup']->html->show_footer(); + exit; + } + + $setup_tpl->set_block('ldap','header','header'); + $setup_tpl->set_block('ldap','user_list','user_list'); + $setup_tpl->set_block('ldap','admin_list','admin_list'); + $setup_tpl->set_block('ldap','group_list','group_list'); + $setup_tpl->set_block('ldap','app_list','app_list'); + $setup_tpl->set_block('ldap','submit','submit'); + $setup_tpl->set_block('ldap','footer','footer'); + + $user_list = ''; + while(list($key,$account) = @each($account_info)) + { + $user_list .= ''; + } + + $admin_list = ''; + @reset($account_info); + while (list($key,$account) = @each($account_info)) + { + $admin_list .= ''; + } + + $group_list = ''; + while(list($key,$group) = @each($group_info)) + { + $group_list .= ''; + } + + $app_list = ''; + while(list($appname,$apptitle) = each($apps)) + { + if($appname == 'admin' || + $appname == 'skel' || + $appname == 'backup' || + $appname == 'netsaint' || + $appname == 'developer_tools' || + $appname == 'phpsysinfo' || + $appname == 'eldaptir' || + $appname == 'qmailldap') + { + $app_list .= ''; + } + else + { + $app_list .= ''; + } + } + + $setup_tpl->set_var('action_url','ldapmodify.php'); + $setup_tpl->set_var('users',$user_list); + $setup_tpl->set_var('admins',$admin_list); + $setup_tpl->set_var('ldapgroups',$group_list); + $setup_tpl->set_var('s_apps',$app_list); + + $setup_tpl->set_var('ldap_import',lang('LDAP Modify')); + $setup_tpl->set_var('description',lang("This section will help you setup your LDAP accounts for use with eGroupWare").'.'); + $setup_tpl->set_var('select_users',lang('Select which user(s) will be modified')); + $setup_tpl->set_var('select_admins',lang('Select which user(s) will also have admin privileges')); + $setup_tpl->set_var('select_groups',lang('Select which group(s) will be modified (group membership will be maintained)')); + $setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.'); + 
$setup_tpl->set_var('form_submit',lang('Modify')); + $setup_tpl->set_var('cancel',lang('Cancel')); + + $setup_tpl->pfp('out','header'); + $setup_tpl->pfp('out','user_list'); + $setup_tpl->pfp('out','admin_list'); + $setup_tpl->pfp('out','group_list'); + $setup_tpl->pfp('out','app_list'); + $setup_tpl->pfp('out','submit'); + $setup_tpl->pfp('out','footer'); + + $GLOBALS['egw_setup']->html->show_footer(); +?>
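Review bot: The lookups that precede `ldap_mod_replace` build their filters by concatenating a directory value (`'cn='.$thisacctlid` in the group loop, `'uid='.$thisacctlid` in the user loop) and then use `$entry[0]`, while the write goes to `$thisdn`. A cn or uid that contains filter metacharacters, or one shared by several entries under the context, can make `$entry[0]` a different entry, so that entry's objectclass list would be written over the one at `$thisdn`; a failed search is also handed to `ldap_get_entries()` unchecked. Reading the target entry itself avoids both problems: `$sr = ldap_read($ldap,$thisdn,'(objectclass=*)');` followed by `if(!$sr) { continue; }` in each loop.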