array(
'noheader' => True,
'nonavbar' => True,
'currentapp' => 'home',
'noapi' => True
));
include('./inc/functions.inc.php');
/* Authorize the user to use setup app and load the database */
if(!$GLOBALS['egw_setup']->auth('Config'))
{
Header('Location: index.php');
exit;
}
/* Does not return unless user is authorized */
class egw
{
var $common;
var $accounts;
var $applications;
var $db;
}
$GLOBALS['egw'] = new egw;
$GLOBALS['egw']->common = CreateObject('phpgwapi.common');
$common = $GLOBALS['egw']->common;
$GLOBALS['egw_setup']->loaddb();
$GLOBALS['egw']->db = clone($GLOBALS['egw_setup']->db);
$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = CreateObject('setup.Template',$tpl_root);
$setup_tpl->set_file(array(
'ldap' => 'ldap.tpl',
'T_head' => 'head.tpl',
'T_footer' => 'footer.tpl',
'T_alert_msg' => 'msg_alert_msg.tpl'
));
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
"config_name LIKE 'ldap%' OR config_name='account_repository'",
),__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
{
$config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value');
}
$GLOBALS['egw_info']['server']['ldap_host'] = $config['ldap_host'];
$GLOBALS['egw_info']['server']['ldap_context'] = $config['ldap_context'];
$GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context'];
$GLOBALS['egw_info']['server']['ldap_root_dn'] = $config['ldap_root_dn'];
$GLOBALS['egw_info']['server']['ldap_root_pw'] = $config['ldap_root_pw'];
$GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository'];
$GLOBALS['egw_info']['server']['ldap_version3'] = $config['ldap_version3'];
$GLOBALS['egw']->accounts = CreateObject('phpgwapi.accounts');
$acct = $GLOBALS['egw']->accounts;
/* connect to ldap server */
if(!$ldap = $common->ldapConnect())
{
$noldapconnection = True;
}
if($noldapconnection)
{
Header('Location: config.php?error=badldapconnection');
exit;
}
$sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('cn','givenname','uid','uidnumber'));
$info = ldap_get_entries($ldap, $sr);
$tmp = '';
for($i=0; $i<$info['count']; $i++)
{
if(!$GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]])
{
$account_info[$info[$i]['uidnumber'][0]] = $info[$i];
}
}
if($GLOBALS['egw_info']['server']['ldap_group_context'])
{
$srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
$info = ldap_get_entries($ldap, $srg);
$tmp = '';
for($i=0; $i<$info['count']; $i++)
{
if(!$GLOBALS['egw_info']['server']['global_denied_groups'][$info[$i]['cn'][0]] &&
!$account_info[$i][$info[$i]['cn'][0]])
{
$group_info[-$info[$i]['gidnumber'][0]] = $info[$i];
}
}
}
else
{
$group_info = array();
}
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
{
$apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name'));
}
if($cancel)
{
Header("Location: ldap.php");
exit;
}
$GLOBALS['egw_setup']->html->show_header(lang('LDAP Modify'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')');
$setup_complete = False;
if(isset($_POST['submit']))
{
$acl = CreateObject('phpgwapi.acl');
if(isset($_POST['ldapgroups']))
{
$groups = CreateObject('phpgwapi.accounts');
while(list($key,$groupid) = each($_POST['ldapgroups']))
{
$id_exist = 0;
$entry = array();
$thisacctid = $group_info[$groupid]['gidnumber'][0];
$thisacctlid = $group_info[$groupid]['cn'][0];
/* echo "Updating GROUPID : ".$thisacctlid."
\n"; */
$thisfirstname = $group_info[$groupid]['cn'][0];
$thismembers = $group_info[$groupid]['memberuid'];
$thisdn = $group_info[$groupid]['dn'];
/* Do some checks before we try to import the data. */
if(!empty($thisacctid) && !empty($thisacctlid))
{
$groups->account_id = (int)$thisacctid;
$sr = ldap_search($ldap,$config['ldap_group_context'],'cn='.$thisacctlid);
$entry = ldap_get_entries($ldap, $sr);
reset($entry[0]['objectclass']);
$addclass = True;
while(list($key,$value) = each($entry[0]['objectclass']))
{
if(strtolower($value) == 'phpgwaccount')
{
$addclass = False;
}
}
if($addclass)
{
reset($entry[0]['objectclass']);
$replace['objectclass'] = $entry[0]['objectclass'];
unset($replace['objectclass']['count']);
$replace['objectclass'][] = 'phpgwAccount';
sort($replace['objectclass']);
ldap_mod_replace($ldap,$thisdn,$replace);
unset($replace);
unset($addclass);
}
unset($add);
if(!@isset($entry[0]['phpgwaccountstatus']))
{
$add['phpgwaccountstatus'][] = 'A';
}
if(!@isset($entry[0]['phpgwaccounttype']))
{
$add['phpgwaccounttype'][] = 'g';
}
if(!@isset($entry[0]['phpgwaccountexpires']))
{
$add['phpgwaccountexpires'][] = -1;
}
if(@isset($add))
{
ldap_mod_add($ldap,$thisdn,$add);
}
/* Now make the members a member of this group in phpgw. */
if(is_array($thismembers))
{
foreach($thismembers as $key => $members)
{
if($key == 'count')
{
continue;
}
/* echo '
members: ' . $members; */
$tmpid = 0;
@reset($account_info);
while(list($x,$y) = each($account_info))
{
/* echo '
checking: '.$y['account_lid']; */
if($members == $y['account_lid'])
{
$tmpid = $y['account_id'];
}
}
// Insert acls for this group based on memberuid field.
// Since the group has app rights, we don't need to give users
// these rights. Instead, we maintain group membership here.
if($tmpid)
{
$acl->account_id = (int)$tmpid;
$acl->read_repository();
$acl->delete('phpgw_group',$thisacctid,1);
$acl->add('phpgw_group',$thisacctid,1);
// Now add the acl to let them change their password
$acl->delete('preferences','changepassword',1);
$acl->add('preferences','changepassword',1);
$acl->save_repository();
}
}
}
/* Now give this group some rights */
$GLOBALS['egw_info']['user']['account_id'] = $thisacctid;
$acl->account_id = (int)$thisacctid;
$acl->read_repository();
@reset($_POST['s_apps']);
while(list($key,$app) = @each($_POST['s_apps']))
{
$acl->delete($app,'run',1);
$acl->add($app,'run',1);
}
$acl->save_repository();
$defaultgroupid = $thisacctid;
}
}
}
if(isset($_POST['users']))
{
$accounts = CreateObject('phpgwapi.accounts');
while(list($key,$id) = each($_POST['users']))
{
$id_exist = 0;
$thisacctid = $account_info[$id]['uidnumber'][0];
$thisacctlid = $account_info[$id]['uid'][0];
/* echo "Updating USERID : ".$thisacctlid."
\n"; */
$thisdn = $account_info[$id]['dn'];
/* Do some checks before we try to import the data. */
if(!empty($thisacctid) && !empty($thisacctlid))
{
$accounts->account_id = (int)$thisacctid;
$sr = ldap_search($ldap,$config['ldap_context'],'uid='.$thisacctlid);
$entry = ldap_get_entries($ldap, $sr);
reset($entry[0]['objectclass']);
$addclass = True;
while(list($key,$value) = each($entry[0]['objectclass']))
{
if(strtolower($value) == 'phpgwaccount')
{
$addclass = False;
}
}
if($addclass)
{
reset($entry[0]['objectclass']);
$replace['objectclass'] = $entry[0]['objectclass'];
unset($replace['objectclass']['count']);
$replace['objectclass'][] = 'phpgwAccount';
sort($replace['objectclass']);
ldap_mod_replace($ldap,$thisdn,$replace);
unset($replace);
unset($addclass);
}
unset($add);
if(!@isset($entry[0]['phpgwaccountstatus']))
{
$add['phpgwaccountstatus'][] = 'A';
}
if(!@isset($entry[0]['phpgwaccounttype']))
{
$add['phpgwaccounttype'][] = 'u';
}
if(!@isset($entry[0]['phpgwaccountexpires']))
{
$add['phpgwaccountexpires'][] = -1;
}
if(@isset($add))
{
ldap_mod_add($ldap,$thisdn,$add);
}
/*
Insert default acls for this user.
Since the group has app rights, we don't need to give users
these rights.
*/
$acl->account_id = (int)$thisacctid;
$acl->read_repository();
/*
However, if no groups were imported, we do need to give each user
apps access
*/
if(empty($_POST['ldapgroups']))
{
@reset($_POST['s_apps']);
while(list($key,$app) = @each($_POST['s_apps']))
{
$acl->delete($app,'run',1);
$acl->add($app,'run',1);
}
}
// Now add the acl to let them change their password
$acl->delete('preferences','changepassword',1);
$acl->add('preferences','changepassword',1);
/*
Only give them admin if we asked for them to have it.
This is typically an exception to apps for run rights
as a group member.
*/
for($a=0;$a<=count($_POST['admins']);$a++)
{
if($_POST['admins'][$a] == $thisacctid)
{
$acl->delete('admin','run',1);
$acl->add('admin','run',1);
}
}
/* Save these new acls. */
$acl->save_repository();
}
}
}
$setup_complete = True;
}
if(isset($_GET['error']))
{
/* echo '