egroupware_official/setup/account_migration.php

180 lines
7.2 KiB
PHP

<?php
/**
* EGroupware Setup - Account migration between SQL <--> LDAP (incl. AD and Univention)
*
* The migration is done from the account-repository configured for EGroupware!
*
* @link http://www.egroupware.org
* @package setup
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
*/
use EGroupware\Api;
include('./inc/functions.inc.php');
// Authorize the user to use setup app and load the database
if (!$GLOBALS['egw_setup']->auth('Config') || $_POST['cancel'])
{
Header('Location: index.php');
exit;
}
// Does not return unless user is authorized
$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = new Api\Framework\Template($tpl_root);
$setup_tpl->set_file(array(
'migration' => 'account_migration.tpl',
'T_head' => 'head.tpl',
'T_footer' => 'footer.tpl',
'T_alert_msg' => 'msg_alert_msg.tpl'
));
$setup_tpl->set_var('hidden_vars', Api\Html::input_hidden('csrf_token', Api\Csrf::token(__FILE__)));
// check CSRF token for POST requests with any content (setup uses empty POST to call it's modules!)
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST)
{
Api\Csrf::validate($_POST['csrf_token'], __FILE__);
}
// determine from where we migrate to what
if (!is_object($GLOBALS['egw_setup']->db))
{
$GLOBALS['egw_setup']->loaddb();
}
// Load configuration values account_repository and auth_type, as setup has not yet done so
foreach($GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',
"config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR ".
"config_name IN ('auth_type','install_id','mail_suffix') OR config_name LIKE 'ads_%'",
__LINE__,__FILE__) as $row)
{
$GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value'];
}
$from = $GLOBALS['egw_info']['server']['account_repository'];
if (!$from && !($from = $GLOBALS['egw_info']['server']['auth_type']))
{
$from = 'sql';
}
$to = $from == 'sql' ? 'ldap' : 'sql';
// for Univention: cant check /etc/lsb-release, because it's not in open_basedir!
if ($to == 'ldap' && Api\Accounts\Univention::available())
{
$to = 'univention';
}
$direction = strtoupper($from).' --> '.strtoupper($to);
$GLOBALS['egw_setup']->html->show_header($direction,False,'config',$GLOBALS['egw_setup']->ConfigDomain .
'(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')');
// create base one level off ldap_context
$base_parts = explode(',',$GLOBALS['egw_info']['server']['ldap_context']);
array_shift($base_parts);
$cmd = new setup_cmd_ldap(array(
'domain' => $GLOBALS['egw_setup']->ConfigDomain,
'sub_command' => $_POST['passwords2sql'] ? 'passwords_to_sql' : 'migrate_to_'.$to,
// allow to set ldap root DN (ldap_admin) to create instance specific admin DN and structure
'ldap_admin' => !empty($_POST['ldap_admin']) ? $_POST['ldap_admin'] : $GLOBALS['egw_info']['server']['ldap_root_dn'],
'ldap_admin_pw' => !empty($_POST['ldap_admin']) ? $_POST['ldap_admin_pw'] : $GLOBALS['egw_info']['server']['ldap_root_pw'],
'ldap_base' => implode(',',$base_parts),
'truncate_egw_accounts' => !empty($_POST['truncate_egw_accounts']),
)+$GLOBALS['egw_info']['server']);
if (!$_POST['migrate'] && !$_POST['passwords2sql'])
{
$accounts = $cmd->accounts($from);
// now outputting the account selection
$setup_tpl->set_block('migration','header','header');
$setup_tpl->set_block('migration','user_list','user_list');
$setup_tpl->set_block('migration','group_list','group_list');
$setup_tpl->set_block('migration','ldap_admin','ldap_admin');
$setup_tpl->set_block('migration','submit','submit');
$setup_tpl->set_block('migration','footer','footer');
$setup_tpl->set_block('migration','truncate_egw_accounts','truncate_egw_accounts');
foreach($accounts as $account_id => $account)
{
if ($account['account_type'] == 'g')
{
if (isset($accounts[abs($account_id)]))
{
$identical_account_id_warning .= lang('Group %1 uses identical ID %2 as user %3!', $account['account_lid'], abs($account_id), $accounts[abs($account_id)]['account_lid']);
}
$group_list .= '<option value="' . $account_id . '" selected="1">'. $account['account_lid'] . "</option>\n";
}
else
{
$user_list .= '<option value="' . $account_id . '" selected="1">'.
Api\Accounts::format_username($account['account_lid'],
$account['account_firstname'],$account['account_lastname']) . "</option>\n";
}
}
$setup_tpl->set_var('action_url','account_migration.php');
$setup_tpl->set_var('users',$user_list);
$setup_tpl->set_var('groups',$group_list);
$setup_tpl->set_var('description',lang('Migration between EGroupware account repositories').': '.$direction);
$setup_tpl->set_var('select_users',lang('Select which user(s) will be exported'));
$setup_tpl->set_var('select_groups',lang('Select which group(s) will be exported'));
$setup_tpl->set_var('memberships',$identical_account_id_warning ?
'<p style="color: red">'.$identical_account_id_warning.'<br/>'.lang('Migration of group will fail, as SQL does NOT allow identical IDs.').'</p>' :
lang('Group memberships will be migrated too.'));
$setup_tpl->set_var('ldap_admin_message', lang('Give LDAP root DN and password, if you need to create an instance specific admin user, user- or group-context'));
$setup_tpl->set_var('ldap_admin_label', lang('Root DN'));
$setup_tpl->set_var('ldap_admin_pw_label', lang('Root DN password'));
$setup_tpl->set_var('migrate',$direction);
$setup_tpl->set_var('cancel',lang('Cancel'));
if ($from == 'sql' && $GLOBALS['egw_info']['server']['auth_type'] == 'ldap')
{
$setup_tpl->set_var('extra_button', Api\Html::submit_button('passwords2sql', lang('Passwords --> SQL')));
}
$setup_tpl->pfp('out','header');
if($user_list)
{
$setup_tpl->pfp('out','user_list');
}
if($group_list)
{
$setup_tpl->pfp('out','group_list');
}
if ($to == 'ldap')
{
$setup_tpl->pfp('out','ldap_admin');
}
if ($to == 'sql')
{
$setup_tpl->set_var('truncate_egw_accounts_message', lang('Delete all existing accounts from SQL database'));
$setup_tpl->pfp('out','truncate_egw_accounts');
}
$setup_tpl->pfp('out','submit');
$setup_tpl->pfp('out','footer');
}
else // do the migration
{
// switching off execution time limit, as migration can take quite some time
@set_time_limit(0);
$cmd->only = (array)$_POST['users'];
if (empty($_POST['passwords2sql'])) $cmd->only = array_merge($cmd->only, (array)$_POST['groups']);
$cmd->verbose = true;
echo '<p align="center">'.str_replace("\n","</p>\n<p align='center'>",$cmd->run())."</p>\n";
// store new repostory (and auth_type), as we are migrated now
if ($_POST['migrate'])
{
Api\Config::save_value('account_repository', $GLOBALS['egw_info']['server']['account_repository']=$to, 'phpgwapi');
if ($to == 'univention') $to = 'ldap'; // there is no auth type "univention", just "ldap"
if (empty($GLOBALS['egw_info']['server']['auth_type']) || $GLOBALS['egw_info']['server']['auth_type'] == $from)
{
Api\Config::save_value('auth_type', $GLOBALS['egw_info']['server']['auth_type']=$to, 'phpgwapi');
}
}
echo '<p align="center">'.lang('Click <a href="index.php">here</a> to return to setup.')."</p>\n";
}
$GLOBALS['egw_setup']->html->show_footer();