<?php
/**************************************************************************\
* phpGroupWare - Setup                                                     *
* http://www.phpgroupware.org                                              *
* --------------------------------------------                             *
* This program is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU General Public License as published by the    *
* Free Software Foundation; either version 2 of the License, or (at your   *
* option) any later version.                                               *
\**************************************************************************/
/* $Id$ */
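/*
 * Page flags, set before the bootstrap include so that it can read them.
 * The key is 'flags' with no padding; a padded key would store these
 * settings where nothing looks for them.
 */
$phpgw_info['flags'] = array(
	'noheader'   => True,
	'nonavbar'   => True,
	'currentapp' => 'home',
	'noapi'      => True
);

// $phpgw_setup is not created in this file; presumably one of these
// includes provides it (confirm against inc/functions.inc.php).
include('../header.inc.php');
include('./inc/functions.inc.php');

// Authorize the user to use the setup app.
// Execution only continues past this point when auth('Config') succeeds.
// The exit is required: Header() alone does not stop the script, and
// everything below reads LDAP and writes accounts and ACLs.
if (!$phpgw_setup->auth('Config'))
{
	Header('Location: index.php');
	exit;
}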
/**
 * Bare container standing in for the global $phpgw object.
 *
 * The page sets 'noapi', so the slots are filled by hand further down
 * with only the API objects this script needs.
 */
class phpgw
{
	// common helpers, accounts backend, applications registry, database handle
	var $common, $accounts, $applications, $db;
}
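// Assemble the pieces of the API this page uses.
$phpgw = new phpgw;
$phpgw->common = CreateObject('phpgwapi.common');
$common = $phpgw->common;

$phpgw_setup->loaddb();
$phpgw->db = $phpgw_setup->db;

// Templates for the import form.
$tpl_root = $phpgw_setup->setup_tpl_dir('setup');
$setup_tpl = CreateObject('phpgwapi.Template', $tpl_root);
$setup_tpl->set_file(array(
	'ldap'        => 'ldap.tpl',
	'T_head'      => 'head.tpl',
	'T_footer'    => 'footer.tpl',
	'T_alert_msg' => 'msg_alert_msg.tpl'
));

$phpgw_info['server']['auth_type'] = 'ldap';

$phpgw->applications = CreateObject('phpgwapi.applications');
$applications = $phpgw->applications;

// Start from an empty array so that $config holds only what the query
// returns. Without this, the array is created implicitly on first write
// and, on installations that register request variables as globals, could
// already contain caller-supplied entries.
$config = array();
$phpgw_setup->db->query("SELECT config_name,config_value FROM phpgw_config WHERE config_name LIKE 'ldap%' OR config_name='account_repository'", __LINE__, __FILE__);
while ($phpgw_setup->db->next_record())
{
	$config[$phpgw_setup->db->f('config_name')] = $phpgw_setup->db->f('config_value');
}

// Copy the LDAP settings into the server section; a setting that is missing
// from phpgw_config becomes null instead of raising an undefined-index notice.
// ldap_root_pw is taken as stored in phpgw_config and kept in memory in
// $phpgw_info for the rest of the request.
foreach (array(
	'ldap_host',
	'ldap_context',
	'ldap_group_context',
	'ldap_root_dn',
	'ldap_root_pw',
	'account_repository'
) as $config_key)
{
	$phpgw_info['server'][$config_key] = isset($config[$config_key]) ? $config[$config_key] : null;
}

// Created after the server settings above are in place.
$phpgw->accounts = CreateObject('phpgwapi.accounts');
$acct = $phpgw->accounts;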
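// First, see if we can connect to the LDAP server; if not, send the user
// back to config.php with an error message.
$ldap = $common->ldapConnect();

// Always assign the flag. Previously it was only set on failure, so on the
// success path the test below read a variable this script had never written.
$noldapconnection = !$ldap;

if ($noldapconnection)
{
	Header('Location: config.php?error=badldapconnection');
	exit;
}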
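/*
 * Read every entry with a uid under the user context and index it by
 * uidNumber. Both result arrays start empty so they contain only what the
 * directory returned.
 */
$account_info = array();
$group_info = array();

$sr = ldap_search($ldap, $config['ldap_context'], '(|(uid=*))', array('sn', 'givenname', 'uid', 'uidnumber'));
// A failed search is treated as "no entries" rather than handing a
// non-result to ldap_get_entries().
$info = $sr ? ldap_get_entries($ldap, $sr) : array('count' => 0);
$tmp = '';

for ($i = 0; $i < $info['count']; $i++)
{
	if (empty($phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]]))
	{
		$tmp = $info[$i]['uidnumber'][0];
		$account_info[$tmp]['account_id']        = $info[$i]['uidnumber'][0];
		$account_info[$tmp]['account_lid']       = $info[$i]['uid'][0];
		$account_info[$tmp]['account_firstname'] = $info[$i]['givenname'][0];
		$account_info[$tmp]['account_lastname']  = $info[$i]['sn'][0];
		// userpassword is not in the attribute list requested above, so this
		// is expected to be empty; no directory password value is carried
		// into the import.
		$account_info[$tmp]['account_passwd']    = $info[$i]['userpassword'][0];
	}
}

if ($phpgw_info['server']['ldap_group_context'])
{
	$srg = ldap_search($ldap, $config['ldap_group_context'], '(|(cn=*))', array('gidnumber', 'cn', 'memberuid'));
	$info = $srg ? ldap_get_entries($ldap, $srg) : array('count' => 0);
	$tmp = '';

	for ($i = 0; $i < $info['count']; $i++)
	{
		// NOTE(review): the second test indexes $account_info by the loop
		// counter and the group cn, but $account_info is keyed by uidNumber
		// with fixed field names, so it looks like it is never set. Confirm
		// what was meant (skipping a group whose cn matches a user?).
		if (empty($phpgw_info['server']['global_denied_groups'][$info[$i]['cn'][0]]) &&
			empty($account_info[$i][$info[$i]['cn'][0]]))
		{
			$tmp = $info[$i]['gidnumber'][0];
			$group_info[$tmp]['account_id']        = $info[$i]['gidnumber'][0];
			$group_info[$tmp]['account_lid']       = $info[$i]['cn'][0];
			// memberuid list as returned by ldap_get_entries(), including its 'count' key
			$group_info[$tmp]['members']           = $info[$i]['memberuid'];
			$group_info[$tmp]['account_firstname'] = $info[$i]['cn'][0];
			$group_info[$tmp]['account_lastname']  = 'Group';
		}
	}
}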
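// Enabled applications (app_name => app_title) offered as default apps in
// the form. Initialised first so the map holds only rows from the query and
// is a real array even when the query returns nothing.
$apps = array();
$phpgw_setup->db->query("SELECT app_name,app_title FROM phpgw_applications WHERE app_enabled != '0' AND app_enabled != '3' AND "
	. "app_name != 'administration' ORDER BY app_title", __LINE__, __FILE__);
while ($phpgw_setup->db->next_record())
{
	$apps[$phpgw_setup->db->f('app_name')] = $phpgw_setup->db->f('app_title');
}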
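// Cancel button: go back to the LDAP setup page without importing anything.
// $cancel is not assigned in this file; it is expected to arrive as a
// request variable (presumably via register_globals or an include - confirm).
// The header value carries no padding around "Location: ldap.php".
if (!empty($cancel))
{
	Header('Location: ldap.php');
	exit;
}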
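/*
 * Handle the submitted import form.
 *
 * Inputs ($submit, $users, $admins, $ldapgroups, $s_apps) are not assigned
 * in this file; they are expected to arrive as request variables and are
 * therefore treated as untrusted:
 *   - user and group ids are only accepted when they match an entry read
 *     from LDAP ($account_info / $group_info);
 *   - application names are only accepted when they are in the enabled
 *     application list ($apps);
 *   - admin names are compared as exact strings.
 *
 * $error and $setup_complete are reset here, before the submit test, so the
 * page output further down sees only values written by this script.
 */
$error = '';
$setup_complete = False;

if (!empty($submit))
{
	// Keep only selected applications that exist in the enabled list.
	// These names are used below as ACL locations and are passed to
	// hook_single(), which is not visible here.
	$selected_apps = array();
	if (isset($s_apps) && is_array($s_apps))
	{
		foreach ($s_apps as $app)
		{
			if (is_string($app) && isset($apps[$app]))
			{
				$selected_apps[] = $app;
			}
		}
	}
	$s_apps = $selected_apps;

	if (!isset($admins) || !is_array($admins) || !count($admins))
	{
		$error = '<br>You must select at least 1 admin';
	}

	if (!count($s_apps))
	{
		$error .= '<br>You must select at least 1 application';
	}

	if (!$error)
	{
		if (!empty($users) && is_array($users))
		{
			foreach ($users as $id)
			{
				// Ignore ids that were not read from the directory.
				if (!is_scalar($id) || !isset($account_info[$id]))
				{
					continue;
				}

				$id_exist = 0;
				$thisacctid    = $account_info[$id]['account_id'];
				$thisacctlid   = $account_info[$id]['account_lid'];
				$thisfirstname = $account_info[$id]['account_firstname'];
				$thislastname  = $account_info[$id]['account_lastname'];

				// Do some checks before we try to import the data.
				if (!empty($thisacctid) && !empty($thisacctlid))
				{
					$accounts = CreateObject('phpgwapi.accounts', intval($thisacctid));
					$accounts->db = $phpgw_setup->db;

					// Check if the account is already there.
					// If so, we won't try to create it again.
					$acct_exist = $acct->name2id($thisacctlid);
					if ($acct_exist)
					{
						$thisacctid = $acct_exist;
					}
					$id_exist = $accounts->exists($thisacctlid);
					// If not, create it now.
					if (!$id_exist)
					{
						// The password field is a fixed placeholder; no
						// password value from the directory is stored.
						$thisaccount_info = array(
							'account_type'      => 'u',
							'account_lid'       => $thisacctlid,
							'account_passwd'    => 'x',
							'account_firstname' => $thisfirstname,
							'account_lastname'  => $thislastname,
							'account_status'    => 'A',
							'account_expires'   => -1
						);
						$accounts->create($thisaccount_info);
						$thisacctid = $acct->name2id($thisacctlid);
					}

					// Insert default acls for this user.
					// Since the group has app rights, we don't need to give users
					// these rights. Instead, we make the user a member of the
					// Default group below.
					$acl = CreateObject('phpgwapi.acl', intval($thisacctid));
					$acl->db = $phpgw_setup->db;
					$acl->read_repository();

					// Only give them admin if we asked for them to have it.
					// Exact string comparison: a loose == treats numeric-looking
					// names such as '100' and '1e2' as equal, which could grant
					// admin to an account that was not selected.
					foreach ($admins as $admin_lid)
					{
						if (is_string($admin_lid) && $admin_lid === (string) $thisacctlid)
						{
							$acl->delete('admin', 'run', 1);
							$acl->add('admin', 'run', 1);
						}
					}

					// Now make them a member of the 'Default' group.
					// NOTE(review): $defaultgroupid is not assigned anywhere
					// visible before this point. If request variables are
					// registered as globals it could be caller-supplied;
					// confirm, and set it to 0 up front if it is not meant
					// to be a form field.
					if (empty($defaultgroupid))
					{
						$defaultgroupid = $accounts->name2id('Default');
					}
					if ($defaultgroupid)
					{
						$acl->delete('phpgw_group', $defaultgroupid, 1);
						$acl->add('phpgw_group', $defaultgroupid, 1);
					}

					// Save these new acls.
					$acl->save_repository();
				}
			}
		}

		if (!empty($ldapgroups) && is_array($ldapgroups))
		{
			foreach ($ldapgroups as $groupid)
			{
				// Ignore ids that were not read from the directory.
				if (!is_scalar($groupid) || !isset($group_info[$groupid]))
				{
					continue;
				}

				$id_exist = 0;
				$thisacctid    = $group_info[$groupid]['account_id'];
				$thisacctlid   = $group_info[$groupid]['account_lid'];
				$thisfirstname = $group_info[$groupid]['account_firstname'];
				$thislastname  = $group_info[$groupid]['account_lastname'];
				$thismembers   = $group_info[$groupid]['members'];

				// Do some checks before we try to import the data.
				if (!empty($thisacctid) && !empty($thisacctlid))
				{
					$groups = CreateObject('phpgwapi.accounts', intval($thisacctid));
					$groups->db = $phpgw_setup->db;

					// Check if the account is already there.
					// If so, we won't try to create it again.
					$acct_exist = $groups->name2id($thisacctlid);
					if ($acct_exist)
					{
						$thisacctid = $acct_exist;
					}
					$id_exist = $groups->exists(intval($thisacctid));
					// If not, create it now.
					if (!$id_exist)
					{
						// NOTE(review): $passwd is not assigned in this file;
						// confirm where the group password value comes from.
						$thisgroup_info = array(
							'account_type'      => 'g',
							'account_lid'       => $thisacctlid,
							'account_passwd'    => $passwd,
							'account_firstname' => $thisfirstname,
							'account_lastname'  => $thislastname,
							'account_status'    => 'A',
							'account_expires'   => -1
						);
						$groups->create($thisgroup_info);
						$thisacctid = $acct->name2id($thisacctlid);
					}

					// Now make them a member of this group in phpgw.
					if (is_array($thismembers))
					{
						foreach ($thismembers as $key => $members)
						{
							// Skip the 'count' element that ldap_get_entries()
							// adds. The comparison is strict: with a loose ==
							// the integer key 0 compares equal to 'count' on
							// PHP versions before 8, so the first member of
							// every group was skipped.
							if ($key === 'count')
							{
								continue;
							}

							// Resolve the memberUid to a phpgw account id, but
							// only for users that were read from the directory.
							$tmpid = 0;
							foreach ($account_info as $y)
							{
								if ((string) $members === (string) $y['account_lid'])
								{
									$tmpid = $acct->name2id($y['account_lid']);
								}
							}

							/*
								Insert acls for this group based on memberuid field.
								Since the group has app rights, we don't need to give users
								these rights. Instead, we maintain group membership here.
							*/
							if ($tmpid)
							{
								$acl = CreateObject('phpgwapi.acl', $tmpid);
								$acl->db = $phpgw_setup->db;
								$acl->account_id = intval($tmpid);
								$acl->read_repository();

								$acl->delete('phpgw_group', $thisacctid, 1);
								$acl->add('phpgw_group', $thisacctid, 1);

								/* Now add the acl to let them change their password */
								$acl->delete('preferences', 'changepassword', 1);
								$acl->add('preferences', 'changepassword', 1);

								$acl->save_repository();

								/* Add prefs for selected apps here, since they are per-user.
									App access is added below.
								*/
								$pref = CreateObject('phpgwapi.preferences', $tmpid);
								$pref->db = $phpgw_setup->db;
								$pref->account_id = intval($tmpid);
								$pref->read_repository();
								// $s_apps holds only names from the enabled
								// application list at this point.
								foreach ($s_apps as $app)
								{
									$phpgw->common->hook_single('add_def_pref', $app);
								}
								$pref->save_repository();
							}
						}
					}

					/* Now give this group some rights */
					$phpgw_info['user']['account_id'] = $thisacctid;
					$acl = CreateObject('phpgwapi.acl');
					$acl->db = $phpgw_setup->db;
					$acl->account_id = intval($thisacctid);
					$acl->read_repository();
					foreach ($s_apps as $app)
					{
						$acl->delete($app, 'run', 1);
						$acl->add($app, 'run', 1);
					}
					$acl->save_repository();
					$defaultgroupid = $thisacctid;
				}
			}
		}
		else
		{
			/* Create the 'Default' group */
			// NOTE(review): $defaultgroupid may be unset here (no user was
			// processed) or may not originate from this script; see the note
			// in the user loop above.
			$groups = CreateObject('phpgwapi.accounts', $defaultgroupid);
			$groups->db = $phpgw_setup->db;

			// Check if the group account is already there.
			// If so, set our group_id to that account's id for use below.
			$acct_exist = $groups->name2id('Default');
			if ($acct_exist)
			{
				$defaultgroupid = $acct_exist;
			}
			$id_exist = $groups->exists(intval($defaultgroupid));
			// An existing 'Default' group is deleted and then created again.
			if ($id_exist)
			{
				$groups->delete($defaultgroupid);
			}

			// NOTE(review): $passwd is not assigned in this file; confirm its source.
			$thisgroup_info = array(
				'account_type'      => 'g',
				'account_lid'       => 'Default',
				'account_passwd'    => $passwd,
				'account_firstname' => 'Default',
				'account_lastname'  => 'Group',
				'account_status'    => 'A',
				'account_expires'   => -1
			);
			$acct->create($thisgroup_info);

			$defaultgroupid = $acct->name2id('Default');

			// Give the Default group run rights on the selected applications.
			$acl = CreateObject('phpgwapi.acl', $defaultgroupid);
			$acl->db = $phpgw_setup->db;
			$acl->account_id = intval($defaultgroupid);
			$acl->read_repository();
			foreach ($s_apps as $app)
			{
				$acl->delete($app, 'run', 1);
				$acl->add($app, 'run', 1);
			}
			$acl->save_repository();
		} //end default group creation
	}
	$setup_complete = True;
}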
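// Page header. $ConfigDomain is not assigned in this file; it is passed
// through as received (presumably set by the setup login - confirm).
$phpgw_setup->show_header('LDAP Import', '', 'ldapimport', $ConfigDomain);

// Validation messages from the submit step. The text contains <br> markup,
// so it has to consist only of strings built by this script. empty() is used
// so that an unset variable is simply treated as "no error".
if (!empty($error))
{
	$phpgw_setup->show_alert_msg('Error', $error);
}

// After a successful import only the confirmation is shown.
if (!empty($setup_complete))
{
	echo lang('<br><center>Import has been completed!  Click <a href="index.php">here</a> to return to setup </center>');
	$phpgw_setup->show_footer();
	exit;
}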
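// Register the blocks of ldap.tpl that are printed one by one below.
foreach (array('header', 'user_list', 'admin_list', 'group_list', 'app_list', 'submit', 'footer') as $block_name)
{
	$setup_tpl->set_block('ldap', $block_name, $block_name);
}

/*
 * Build the <option> lists for the form.
 *
 * Names and ids come from the LDAP directory and the applications table.
 * They are escaped before being placed into the markup so that a value
 * containing quotes or angle brackets cannot break out of the attribute or
 * the element. The list strings start empty so they contain only markup
 * produced here.
 */
$user_list  = '';
$admin_list = '';
$group_list = '';
$app_list   = '';

if (isset($account_info) && is_array($account_info))
{
	foreach ($account_info as $account)
	{
		// display_fullname() is assumed to return plain text - confirm.
		$fullname = htmlspecialchars(
			$common->display_fullname($account['account_lid'], $account['account_firstname'], $account['account_lastname']),
			ENT_QUOTES
		);

		// Users are submitted by numeric id, admins by login name.
		$user_list .= '<option value="' . htmlspecialchars($account['account_id'], ENT_QUOTES) . '">'
			. $fullname
			. '</option>';
		$admin_list .= '<option value="' . htmlspecialchars($account['account_lid'], ENT_QUOTES) . '">'
			. $fullname
			. '</option>';
	}
}

if (isset($group_info) && is_array($group_info))
{
	foreach ($group_info as $group)
	{
		$group_list .= '<option value="' . htmlspecialchars($group['account_id'], ENT_QUOTES) . '">'
			. htmlspecialchars($group['account_lid'], ENT_QUOTES)
			. '</option>';
	}
}

if (isset($apps) && is_array($apps))
{
	// $apps maps app_name => app_title; every application except 'admin'
	// is preselected.
	foreach ($apps as $app_name => $app_title)
	{
		$selected = ($app_name != 'admin') ? ' selected' : '';
		$app_list .= '<option value="' . htmlspecialchars($app_name, ENT_QUOTES) . '"' . $selected . '>'
			. htmlspecialchars($app_title, ENT_QUOTES)
			. '</option>';
	}
}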
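// Fill in the template variables. The description string is passed to
// lang() without padding, so it matches the phrase used as translation key.
$template_vars = array(
	'action_url'    => 'ldapimport.php',
	'users'         => $user_list,
	'admins'        => $admin_list,
	'ldapgroups'    => $group_list,
	's_apps'        => $app_list,
	'ldap_import'   => lang('LDAP import users'),
	'description'   => lang("This section will help you import users and groups from your LDAP tree into phpGroupWare's account tables") . '.',
	'select_users'  => lang('Select which user(s) will be imported'),
	'select_admins' => lang('Select which user(s) will have admin privileges'),
	'select_groups' => lang('Select which group(s) will be imported (group membership will be maintained)'),
	'select_apps'   => lang('Select the default applications to which your users will have access') . '.',
	'note'          => lang('Note: You will be able to customize this later') . '.',
	'form_submit'   => 'import',
	'cancel'        => lang('Cancel')
);
foreach ($template_vars as $var_name => $var_value)
{
	$setup_tpl->set_var($var_name, $var_value);
}

// Print the form, one template block at a time, then the page footer.
foreach (array('header', 'user_list', 'admin_list', 'group_list', 'app_list', 'submit', 'footer') as $block_name)
{
	$setup_tpl->pfp('out', $block_name);
}

$phpgw_setup->show_footer();
?>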