#!/usr/bin/php post_install.php must NOT be called as web-page --> exiting !!!'); } $verbose = false; $config = array( 'php' => '/usr/bin/php', 'pear' => '/usr/bin/pear', 'source_dir' => '/usr/share/egroupware', 'data_dir' => '/var/lib/egroupware', 'header' => '$data_dir/header.inc.php', // symlinked to source_dir by rpm 'setup-cli' => '$source_dir/setup/setup-cli.php', 'domain' => 'default', 'config_user' => 'admin', 'config_passwd' => randomstring(), 'db_type' => 'mysqli', 'db_host' => 'localhost', 'db_port' => 3306, 'db_name' => 'egroupware', 'db_user' => 'egroupware', 'db_pass' => randomstring(), 'db_grant_host' => 'localhost', 'db_root' => 'root', // mysql root user/pw to create database 'db_root_pw' => '', 'backup' => '', 'admin_user' => 'sysop', 'admin_passwd'=> randomstring(), 'admin_email' => '', 'lang' => 'en', // languages for admin user and extra lang to install 'charset' => 'utf-8', 'start_db' => '/sbin/service mysqld', 'autostart_db' => '/sbin/chkconfig --level 345 mysqld on', 'start_webserver' => '/sbin/service httpd', 'autostart_webserver' => '/sbin/chkconfig --level 345 httpd on', 'distro' => 'rh', 'account-auth' => 'sql', 'account_min_id' => '', 'ldap_suffix' => 'dc=local', 'ldap_host' => 'localhost', 'ldap_admin' => 'cn=admin,$suffix', 'ldap_admin_pw' => '', 'ldap_base' => 'o=$domain,$suffix', 'ldap_root_dn' => 'cn=admin,$base', 'ldap_root_pw' => randomstring(), 'ldap_context' => 'ou=accounts,$base', 'ldap_search_filter' => '(uid=%user)', 'ldap_group_context' => 'ou=groups,$base', 'ldap_encryption_type' => '', 'sambaadmin/sambaSID'=> '', // SID for sambaadmin 'mailserver' => '', 'smtpserver' => 'localhost,25', 'smtp' => '', // see setup-cli.php --help config 'imap' => '', 'sieve' => '', 'folder' => '', 'install-update-app' => '', // install or update a single (non-default) app 'webserver_user'=> 'apache', // required to fix permissions 'php5enmod' => '', ); // read language from LANG enviroment variable if (($lang = isset($_ENV['LANG']) ? $_ENV['LANG'] : $_SERVER['LANG'])) { @list($lang,$nat) = preg_split('/[_.]/',$lang); if (in_array($lang.'-'.strtolower($nat),array('es-es','pt-br','zh-tw'))) { $lang .= '-'.strtolower($nat); } $config['lang'] = $lang; } $config['source_dir'] = dirname(dirname(dirname(__FILE__))); /** * Set distribution spezific defaults * * @param string $distro =null default autodetect */ function set_distro_defaults($distro=null) { global $config; if (is_null($distro)) { $distro = file_exists('/etc/SuSE-release') ? 'suse' : (file_exists('/etc/mandriva-release') ? 'mandriva' : (file_exists('/etc/lsb-release') && preg_match('/^DISTRIB_ID="Univention"$/mi', file_get_contents('/etc/lsb-release')) ? 'univention' : (file_exists('/etc/debian_version') ? 'debian' : 'rh'))); } switch (($config['distro'] = $distro)) { case 'suse': // openSUSE 12.1+ no longer uses php5 if (file_exists('/usr/bin/php5')) $config['php'] = '/usr/bin/php5'; if (file_exists('/usr/bin/pear5')) $config['pear'] = '/usr/bin/pear5'; $config['start_db'] = '/sbin/service mysql'; $config['autostart_db'] = '/sbin/chkconfig --level 345 mysql on'; $config['start_webserver'] = '/sbin/service apache2'; $config['autostart_webserver'] = '/sbin/chkconfig --level 345 apache2 on'; $config['ldap_suffix'] = 'dc=site'; $config['ldap_admin'] = $config['ldap_root_dn'] = 'cn=Administrator,$suffix'; $config['ldap_root_pw'] = '$admin_pw'; $config['ldap_base'] = '$suffix'; $config['ldap_context'] = 'ou=people,$base'; $config['ldap_group_context'] = 'ou=group,$base'; $config['webserver_user'] = 'wwwrun'; break; case 'debian': // service not in Debian5, only newer Ubuntu, which complains about /etc/init.d/xx if (file_exists('/usr/sbin/service')) { $config['start_db'] = '/usr/sbin/service mysql'; $config['start_webserver'] = '/usr/sbin/service apache2'; } else { $config['start_db'] = '/etc/init.d/mysql'; $config['start_webserver'] = '/etc/init.d/apache2'; } // enable mcrypt if (file_exists('/usr/sbin/php5enmod')) { $config['php5enmod'] = '/usr/sbin/php5enmod'; // Ubuntu only needs "-s ALL" and Debian gives an error, because it does not support it if (!file_exists('/etc/php5/conf.d/')) $config['php5enmod'] .= ' -s ALL'; $config['php5enmod'] .= ' mcrypt'; } $config['autostart_db'] = '/usr/sbin/update-rc.d mysql defaults'; $config['autostart_webserver'] = '/usr/sbin/update-rc.d apache2 defaults'; $config['webserver_user'] = 'www-data'; break; case 'mandriva': $config['ldap_suffix'] = 'dc=site'; $config['ldap_admin'] = $config['ldap_root_dn'] = 'uid=LDAP Admin,ou=System Accounts,$suffix'; $config['ldap_root_pw'] = '$admin_pw'; $config['ldap_base'] = '$suffix'; $config['ldap_context'] = 'ou=People,$base'; $config['ldap_group_context'] = 'ou=Group,$base'; break; case 'univention': set_univention_defaults(); break; default: $config['distro'] = 'rh'; // fall through case 'rh': // some MySQL packages (mysql.com, MariaDB, ...) use "mysql" as service name instead of RH default "mysqld" if (file_exists('/usr/bin/systemctl')) // RHEL 7 { $config['start_db'] = '/usr/bin/systemctl %s mariadb'; $config['autostart_db'] = build_cmd('start_db', 'enable'); $config['start_webserver'] = '/usr/bin/systemctl %s httpd'; $config['autostart_webserver'] = build_cmd('start_webserver', 'enable'); } elseif (!file_exists('/etc/init.d/mysqld') && file_exists('/etc/init.d/mysql')) { foreach(array('start_db','autostart_db') as $name) { $config[$name] = str_replace('mysqld','mysql',$config[$name]); } } break; } } set_distro_defaults(); // read config from command line $argv = $_SERVER['argv']; $prog = array_shift($argv); // check if we have EGW_POST_INSTALL set and prepend it to the command line (command line has precedence) if (($config_set = isset($_ENV['EGW_POST_INSTALL']) ? $_ENV['EGW_POST_INSTALL'] : @$_SERVER['EGW_POST_INSTALL'])) { $conf = array(); $config_set = preg_split('/[ \t]+/',trim($config_set)); while($config_set) { $val = array_shift($config_set); if (($quote = $val[0]) == "'" || $quote == '"') // arguments might be quoted with ' or " { while (substr($val,-1) != $quote) { if (!$config_set) throw new Exception('Invalid EGW_POST_INSTALL enviroment variable!'); $val .= ' '.array_shift($config_set); } $val = substr($val,1,-1); } $conf[] = $val; } $argv = array_merge($conf,$argv); } $auth_type_given = false; while(($arg = array_shift($argv))) { if ($arg == '-v' || $arg == '--verbose') { $verbose = true; } elseif($arg == '-h' || $arg == '--help') { usage(); } elseif($arg == '--suse') { set_distro_defaults('suse'); } elseif($arg == '--distro') { set_distro_defaults(array_shift($argv)); } elseif(substr($arg,0,2) == '--' && isset($config[$name=substr($arg,2)])) { $config[$name] = array_shift($argv); switch($name) { case 'auth_type': $auth_type_given = true; break; case 'account_repository': // auth-type defaults to account-repository if (!$auth_type_given) { $config['auth_type'] = $config[$name]; } break; } } else { usage("Unknown argument '$arg'!"); } } $replace = array(); foreach($config as $name => $value) { $replace['$'.$name] = $value; if (strpos($value,'$') !== false) { $config[$name] = strtr($value,$replace); } } // basic config checks foreach(array('php','source_dir','data_dir','setup-cli') as $name) { if (!file_exists($config[$name])) bail_out(1,$config[$name].' not found!'); } // fix important php.ini and conf.d/*.ini settings check_fix_php_apc_ini(); // install/upgrade required pear packages check_install_pear_packages(); $setup_cli = $config['php'].' -d memory_limit=256M '.$config['setup-cli']; if (!file_exists($config['header']) || filesize($config['header']) < 200) // default header redirecting to setup is 147 bytes { // --> new install $extra_config = ''; // check for localhost if database server is started and start it (permanent) if not if ($config['db_host'] == 'localhost' && $config['start_db']) { exec(build_cmd('start_db', 'status'), $dummy, $ret); if ($ret) { system(build_cmd('start_db', 'start')); if (!empty($config['autostart_db'])) system($config['autostart_db']); } } // create database $setup_db = $setup_cli.' --setup-cmd-database sub_command=create_db'; foreach(array('domain','db_type','db_host','db_port','db_name','db_user','db_pass','db_root','db_root_pw','db_grant_host') as $name) { $setup_db .= ' '.escapeshellarg($name.'='.$config[$name]); } run_cmd($setup_db); // check if ldap is required and initialise it // we need to specify account_repository and auth_type to --install as extra config, otherwise install happens for sql! @list($config['account_repository'],$config['auth_type'],$rest) = explode(',',$config['account-auth'],3); $extra_config .= ' '.escapeshellarg('account_repository='.$config['account_repository']); $extra_config .= ' '.escapeshellarg('auth_type='.(empty($config['auth_type']) ? $config['account_repository'] : $config['auth_type'])); if (empty($rest)) unset($config['account-auth']); if ($config['account_repository'] == 'ldap' || $config['auth_type'] == 'ldap') { // set account_min_id to 1100 if not specified to NOT clash with system accounts $extra_config .= ' '.escapeshellarg('account_min_id='.(!empty($config['account_min_id']) ? $config['account_min_id'] : 1100)); $setup_ldap = $setup_cli.' --setup-cmd-ldap sub_command='. ($config['account_repository'] == 'ldap' ? 'create_ldap' : 'test_ldap'); foreach(array( 'domain','ldap_suffix','ldap_host','ldap_admin','ldap_admin_pw', // non-egw params: only used for create 'ldap_base','ldap_root_dn','ldap_root_pw','ldap_context','ldap_search_filter','ldap_group_context', // egw params 'ldap_encryption_type', 'sambaadmin/sambaSID', ) as $name) { if (strpos($value=$config[$name],'$') !== false) { $config[$name] = $value = strtr($value,array( '$suffix' => $config['ldap_suffix'], '$base' => $config['ldap_base'], '$admin_pw' => $config['ldap_admin_pw'], )); } $setup_ldap .= ' '.escapeshellarg($name.'='.$value); if (!in_array($name,array('domain','ldap_suffix','ldap_admin','ldap_admin_pw'))) { $extra_config .= ' '.escapeshellarg($name.'='.$value); } } run_cmd($setup_ldap); } // enable mcrypt extension eg. for Ubuntu 14.04+ if (!empty($config['php5enmod'])) { run_cmd($config['php5enmod']); } // create header $setup_header = $setup_cli.' --create-header '.escapeshellarg($config['config_passwd'].','.$config['config_user']). ' --domain '.escapeshellarg($config['domain'].','.$config['db_name'].','.$config['db_user'].','.$config['db_pass']. ','.$config['db_type'].','.$config['db_host'].','.$config['db_port']); run_cmd($setup_header); // install egroupware $setup_install = $setup_cli.' --install '.escapeshellarg($config['domain'].','.$config['config_user'].','.$config['config_passwd'].','.$config['backup'].','.$config['charset'].','.$config['lang']) .$extra_config; run_cmd($setup_install); if ($config['data_dir'] != '/var/lib/egroupware') { // set files dir different from default $setup_config = $setup_cli.' --config '.escapeshellarg($config['domain'].','.$config['config_user'].','.$config['config_passwd']). ' --files-dir '.escapeshellarg($config['data_dir'].'/files').' --backup-dir '.escapeshellarg($config['data_dir'].'/backup'); run_cmd($setup_config); } // create mailserver config (fmail requires at least minimal config given as default, otherwise fatal error) $setup_mailserver = $setup_cli.' --config '.escapeshellarg($config['domain'].','.$config['config_user'].','.$config['config_passwd']); foreach(array('account-auth','smtpserver','smtp','postfix','mailserver','imap','cyrus','sieve','folder') as $name) { if (!empty($config[$name])) $setup_mailserver .= ' --'.$name.' '.escapeshellarg($config[$name]); } run_cmd($setup_mailserver); // create first user $setup_admin = $setup_cli.' --admin '.escapeshellarg($config['domain'].','.$config['config_user'].','.$config['config_passwd'].','. $config['admin_user'].','.$config['admin_passwd'].',,,'.$config['admin_email'].','.$config['lang']); run_cmd($setup_admin); // check if webserver is started and start it (permanent) if not if ($config['start_webserver']) { exec(build_cmd('start_webserver', 'status'),$dummy,$ret); if ($ret) { system(build_cmd('start_webserver', 'start')); if (!empty($config['autostart_webserver'])) system($config['autostart_webserver']); } else { system(build_cmd('start_webserver', 'reload')); } } // fix egw_cache evtl. created by root, stoping webserver from accessing it fix_perms(); echo "\n"; echo "EGroupware successful installed\n"; echo "===============================\n"; echo "\n"; echo "Please note the following user names and passwords:\n"; echo "\n"; echo "Setup username: $config[config_user]\n"; echo " password: $config[config_passwd]\n"; echo "\n"; echo "EGroupware username: $config[admin_user]\n"; echo " password: $config[admin_passwd]\n"; echo "\n"; echo "You can log into EGroupware by pointing your browser to http://localhost/egroupware/\n"; echo "Please replace localhost with the appropriate hostname, if you connect remote.\n\n"; if (empty($config['db_root_pw'])) { echo "*** Database has no root password set, please fix that immediatly: mysqladmin -u root password NEWPASSWORD\n\n"; } } else { // --> existing install --> update // get user from header and replace password, as we dont know it $old_password = patch_header($config['header'],$config['config_user'],$config['config_passwd']); // register a shutdown function to put old password back in any case register_shutdown_function('patch_header',$config['header'],$config['config_user'],$old_password); // update egroupware $setup_update = $setup_cli.' --update '.escapeshellarg('all,'.$config['config_user'].','.$config['config_passwd'].',,'.$config['install-update-app']); $ret = run_cmd($setup_update,$output,array(4,15)); switch($ret) { case 4: // header needs an update $header_update = $setup_cli.' --update-header '.escapeshellarg($config['config_passwd'].','.$config['config_user']); run_cmd($header_update); $ret = run_cmd($setup_update,$output,15); if ($ret != 15) break; // fall through case 15: // missing configuration (eg. mailserver) if (!$verbose) echo implode("\n",(array)$output)."\n"; break; case 0: echo "\nEGroupware successful updated\n"; break; } // fix egw_cache evtl. created by root, stoping webserver from accessing it fix_perms(); // restart running Apache, to force APC to update changed sources and/or Apache configuration $output = array(); run_cmd(build_cmd('start_webserver', 'status').' && '.build_cmd('start_webserver', 'restart'), $output, true); exit($ret); } /** * Build command to execute * * @param string $cmd command or index into $config, which either incl. %s for arg or arg with be appended * @param string $arg argument * @return string */ function build_cmd($cmd, $arg) { global $config; if (isset($config[$cmd])) $cmd = $config[$cmd]; if (strpos($cmd, '%s')) return str_replace('%s', $arg, $cmd); return $cmd.' '.$arg; } /** * Patches a given password (for header admin) into the EGroupware header.inc.php and returns the old one * * @param string $filename * @param string &$user username on return(!) * @param string $password new password * @return string old password */ function patch_header($filename,&$user,$password) { $header = file_get_contents($filename); $umatches = $pmatches = null; if (!preg_match('/'.preg_quote("\$GLOBALS['egw_info']['server']['header_admin_user'] = '", '/')."([^']+)';/m",$header,$umatches) || !preg_match('/'.preg_quote("\$GLOBALS['egw_info']['server']['header_admin_password'] = '", '/')."([^']*)';/m",$header,$pmatches)) { bail_out(99,"$filename is no regular EGroupware header.inc.php!"); } file_put_contents($filename,preg_replace('/'.preg_quote("\$GLOBALS['egw_info']['server']['header_admin_password'] = '", '/')."([^']*)';/m", "\$GLOBALS['egw_info']['server']['header_admin_password'] = '".$password."';",$header)); $user = $umatches[1]; return $pmatches[1]; } /** * Runs given shell command, exists with error-code after echoing the output of the failed command (if not already running verbose) * * @param string $cmd * @param array &$output=null $output of command * @param int|array|true $no_bailout =null exit code(s) to NOT bail out, or true to never bail out * @return int exit code of $cmd */ function run_cmd($cmd,array &$output=null,$no_bailout=null) { global $verbose; if ($verbose) { echo $cmd."\n"; $ret = null; system($cmd,$ret); } else { $output[] = $cmd; exec($cmd,$output,$ret); } if ($ret && $no_bailout !== true && !in_array($ret,(array)$no_bailout)) { bail_out($ret,$verbose?null:$output); } return $ret; } /** * Stop programm execution with a given exit code and optional extra message * * @param int $ret =1 * @param array|string $output line(s) to output before temination notice */ function bail_out($ret=1,$output=null) { if ($output) echo implode("\n",(array)$output); echo "\n\nInstallation failed --> exiting!\n\n"; exit($ret); } /** * Return a rand string, eg. to generate passwords * * @param int $len =16 * @return string */ function randomstring($len=16) { static $usedchars = array( '0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f', 'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v', 'w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L', 'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z', '@','!','%','&','(',')','=','?',';',':','#','_','-','<', '>','|','[',']','}', // dont add /\,'"{ as we have problems dealing with them ); $str = ''; for($i=0; $i < $len; $i++) { $str .= $usedchars[mt_rand(0,count($usedchars)-1)]; } return $str; } /** * Give usage information and an optional error-message, before stoping program execution with exit-code 90 or 0 * * @param string $error =null optional error-message */ function usage($error=null) { global $prog,$config; echo "Usage: $prog [-h|--help] [-v|--verbose] [--distro=(suse|rh|debian)] [options, ...]\n\n"; echo "options and their defaults:\n"; foreach($config as $name => $default) { if (in_array($name, array('postfix','cyrus'))) continue; // do NOT report deprecated options if (in_array($name,array('config_passwd','db_pass','admin_passwd','ldap_root_pw')) && strlen($config[$name]) == 16) { $default = '<16 char random string>'; } echo '--'.str_pad($name,20).$default."\n"; } if ($error) { echo "$error\n\n"; exit(90); } exit(0); } /** * Get installed pear packages, optional from a certain channel * * @global type $config * @param string $channel='' * @return null|array with package => version */ function pear_list($channel='') { global $config; $out = $ret = null; exec($config['pear'].' list'.($channel?' -c '.$channel:''),$out,$ret); if ($channel && $ret == 1) { return null; } if ($ret) { echo "Error running pear command ($config[pear])!\n"; exit(95); } $packages_installed = array(); foreach($out as $line) { $matches = null; if (preg_match('/^([a-z0-9_]+)\s+([0-9.]+[a-z0-9]*)\s+([a-z]+)/i',$line,$matches)) { $packages_installed[($channel?$channel.'/':'').$matches[1]] = $matches[2]; } } return $packages_installed; } /** * Check if required PEAR packges are installed and install them if not, update pear packages with to low version */ function check_install_pear_packages() { global $config; $packages_installed = pear_list(); // some setup files use autoloader define('EGW_SERVER_ROOT', dirname(dirname(__DIR__))); define('EGW_INCLUDE_ROOT', EGW_SERVER_ROOT); define('EGW_API_INC', EGW_SERVER_ROOT.'/phpgwapi/inc'); include_once(EGW_API_INC.'/common_functions.inc.php'); // read required packages from apps $packages = array('PEAR' => true); // pear must be the first, to run it's update first! $channels = array(); $setup_info = array(); foreach(scandir($config['source_dir']) as $app) { if (is_dir($dir=$config['source_dir'].'/'.$app) && file_exists($file=$dir.'/setup/setup.inc.php')) include $file; } foreach($setup_info as $app => $data) { if (isset($data['check_install'])) { foreach($data['check_install'] as $package => $args) { if ($args['func'] == 'pear_check') { if (!$package) $package = 'PEAR'; // if package is prefixed with a channel, list or discover it first if (strpos($package, '/')) { list($channel) = explode('/', $package); if (!in_array($channel, $channels)) { if (($channel_packages = pear_list($channel))) { $packages_installed += $channel_packages; } else { $discover_cmd = $config['pear'].' channel-discover '.$channel; echo "$discover_cmd\n"; system($discover_cmd); } $channels[] = $channel; } } // only overwrite lower version or no version if (!isset($packages[$package]) || $packages[$package] === true || isset($args['version']) && version_compare($args['version'],$packages[$package],'>')) { $packages[$package] = isset($args['version']) ? $args['version'] : true; } } } } } //echo 'Installed: '; print_r($packages_installed); //echo 'Required: '; print_r($packages); $to_install = array_diff(array_keys($packages),array_keys($packages_installed)); $need_upgrade = array(); foreach($packages as $package => $version) { if ($version !== true && $version !== '999.egw-pear' && isset($packages_installed[$package]) && version_compare($version, $packages_installed[$package], '>')) { $need_upgrade[] = $package; } } //echo 'Need upgrade: '; print_r($need_upgrade); //echo 'To install: '; print_r($to_install); if (($to_install || $need_upgrade)) { if (getmyuid()) { echo "You need to run as user root to be able to install/upgrade required PEAR packages!\n"; } else { echo "Install/upgrade required PEAR packages:\n"; // need to run upgrades first, they might be required for install! if ($need_upgrade) { if (in_array('PEAR',$need_upgrade)) // updating pear itself can be very tricky, this is what's needed for stock RHEL pear { $cmd = $config['pear'].' channel-update pear.php.net'; echo "$cmd\n"; system($cmd); $cmd = $config['pear'].' upgrade --force Console_Getopt Archive_Tar'; echo "$cmd\n"; system($cmd); } $cmd = $config['pear'].' upgrade '.implode(' ',$need_upgrade); echo "$cmd\n"; system($cmd); } if ($to_install) { // package install can fail if a required package of one to install is of an older version // unfortunately there is no option to automatic update the required packages automatic // as a quick fix for that situation, we always run "pear upgrade-all" first $cmd = $config['pear'].' upgrade-all'; echo "$cmd\n"; system($cmd); $cmd = $config['pear'].' install '.implode(' ', $to_install); echo "$cmd\n"; system($cmd); } } } } function lang() {} // required to be able to include */setup/setup.inc.php files /** * fix egw_cache perms evtl. created by root, stoping webserver from accessing it */ function fix_perms() { global $config; if (file_exists('/tmp/egw_cache')) { system('/bin/chown -R '.$config['webserver_user'].' /tmp/egw_cache'); system('/bin/chmod 700 /tmp/egw_cache'); } } /** * Set Univention UCS specific defaults * * Defaults are read from ucr registry and /etc/*.secret files * * There are 4 types of Univention servers: * - master DC: /etc/machine.secret, /etc/ldap.secret, ldap/server/type=master * - backup DC: /etc/machine.secret, /etc/ldap.secret, /etc/ldap-backup.secret, ldap/server/type=slave (not backup!) * - slave: /etc/machine.secret, /etc/ldap-backup.secret, ldap/server/type=slave * - member: /etc/machine.secret, no ldap/server/type * * univention-ldapsearch works on all 4 types. * * ucr get ldap/server/(ip|port) points to local ldap (not member). * ucr get ldap/master(/port) ldap/base points to master (on all servers) * * @todo slave and member have no /etc/ldap.secret */ function set_univention_defaults() { global $config; set_distro_defaults('debian'); $config['distro'] = 'univention'; // mysql settings $config['db_root_pw'] = _ucr_secret('mysql'); // check if ucs ldap server is configured if (_ucr_get('ldap/server/ip')) { // ldap settings, see http://docs.univention.de/developer-reference.html#join:secret $config['ldap_suffix'] = $config['ldap_base'] = _ucr_get('ldap/base'); // port is ldap allowing starttls (zertificate/CA is correctly set in /etc/ldap/ldap.conf) $config['ldap_host'] = 'tls://'._ucr_get('ldap/master').':'._ucr_get('ldap/master/port'); $config['ldap_admin'] = $config['ldap_root'] = 'cn=admin,$suffix'; $config['ldap_admin_pw'] = $config['ldap_root_pw'] = _ucr_secret('ldap'); $config['ldap_context'] = 'cn=users,$base'; $config['ldap_group_context'] = 'cn=groups,$base'; $config['ldap_search_filter'] = '(uid=%user)'; // ldap password hash (our default blowfish_crypt seems not to work) $config['ldap_encryption_type'] = 'sha512_crypt'; $config['account_min_id'] = 1200; // UCS use 11xx for internal users/groups $config['account-auth'] = 'univention,ldap'; // set sambaadmin sambaSID $config['sambaadmin/sambaSID'] = exec('/usr/bin/univention-ldapsearch -x "(objectclass=sambadomain)" sambaSID|sed -n "s/sambaSID: \(.*\)/\1/p"'); // mailserver, see setup-cli.php --help config if (($mailserver = exec('/usr/bin/univention-ldapsearch -x "(univentionAppID=mailserver_*)" univentionAppInstalledOnServer|sed -n "s/univentionAppInstalledOnServer: \(.*\)/\1/p"')) && // only set on host mailserver app is installed: _ucr_get('mail/cyrus/imap') == 'yes' && ($domains=_ucr_get('mail/hosteddomains'))) { if (!is_array($domains)) $domains = explode("\n", $domains); $domain = array_shift($domains); // set "use auth with session credentials",tls,"not user editable","further identities" $config['smtpserver'] = "$mailserver,465,,,yes,tls,no,yes"; $config['smtp'] = ',emailadmin_smtp_univention'; $config['mailserver'] = "$mailserver,993,$domain,email,tls"; $config['imap'] = /*'cyrus,'._ucr_secret('cyrus')*/','.',emailadmin_imap_cyrus'; // set folders so mail creates them on first login, UCS does not automatic $config['folder'] = 'INBOX/Sent,INBOX/Trash,INBOX/Drafts,INBOX/Templates,INBOX/Spam'; // default with sieve port to 4190, as config is only available on host mailserver app is installed if (!($sieve_port = _ucr_get('mail/cyrus/sieve/port'))) $sieve_port = 4190; $config['sieve'] = "$mailserver,$sieve_port,starttls"; // set an email address for sysop user so mail works right away $config['admin_email'] = '$admin_user@'.$domain; } } } /** * Get a value from Univention registry * * @param string $name * @return string */ function _ucr_get($name) { static $values=null; if (!isset($values)) { $output = $matches = null; exec('/usr/sbin/ucr dump', $output); foreach($output as $line) { if (preg_match("/^([^:]+): (.*)\n?$/", $line, $matches)) { $values[$matches[1]] = $matches[2]; } } } return $values[$name]; } /** * Read one Univention secret/password eg. _ucr_secret('mysql') * * @param string $name * @return string|boolean */ function _ucr_secret($name) { if (!file_exists($filename = '/etc/'.basename($name).'.secret')) { return false; } return trim(file_get_contents($filename)); } /** * Check and evtl. fix APC(u) shared memory size (apc.shm_segments * apc.shm_size) >= 64M * * We check for < 64M to allow to use that for small installs manually, but set 128M by default. */ function check_fix_php_apc_ini() { if (extension_loaded('apc')) { $shm_size = ini_get('apc.shm_size'); $shm_segments = ini_get('apc.shm_segments'); // ancent APC (3.1.3) in Debian 6/Squezze has size in MB without a unit if (($numeric_size = is_numeric($shm_size) && $shm_size <= 1048576)) $shm_size .= 'M'; $size = _size_with_unit($shm_size) * $shm_segments; //echo "shm_size=$shm_size, shm_segments=$shm_segments --> $size, numeric_size=$numeric_size\n"; // check if we have less then 64MB (eg. default 32M) --> set it to 128MB if ($size < _size_with_unit('64M')) { ob_start(); phpinfo(); $phpinfo = ob_get_clean(); $matches = null; if (preg_match('#(/[a-z0-5./-]+apcu?.ini)(,| |$)#mi', $phpinfo, $matches) && file_exists($path = $matches[1]) && ($apc_ini = file_get_contents($path))) { $new_shm_size = 128 / $shm_segments; if (!$numeric_size) $new_shm_size .= 'M'; if (preg_match('|^apc.shm_size\s*=\s*(\d+[KMG]?)$|m', $apc_ini)) { file_put_contents($path, preg_replace('|^apc.shm_size\s*=\s*(\d+[KMG]?)$|m', 'apc.shm_size='.$new_shm_size, $apc_ini)); } else { file_put_contents($path, $apc_ini."\napc.shm_size=$new_shm_size\n"); } echo "Fix APC(u) configuration, set apc.shm_size=$new_shm_size in $path\n"; } } } } /** * Convert a size with unit eg. 32M to a number * @param int $size * @return int */ function _size_with_unit($size) { switch(strtoupper(substr($size, -1))) { case 'G': $size *= 1024; case 'M': $size *= 1024; case 'K': $size *= 1024; } return $size; }