< ? php
/************************************************************************** \
* eGroupWare - Setup *
* http://www.egroupware.org *
* -------------------------------------------- *
* This program is free software; you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the *
* Free Software Foundation; either version 2 of the License, or (at your *
* option) any later version. *
\ **************************************************************************/
/* $Id$ */
// Page flags for the setup environment: no header, no navbar and no regular
// API bootstrap; the page is accounted to the 'home' application.
$GLOBALS['egw_info'] = array(
	'flags' => array(
		'noheader'   => true,
		'nonavbar'   => true,
		'currentapp' => 'home',
		'noapi'      => true
	)
);

include './inc/functions.inc.php';

// Access gate: everything below modifies directory entries and ACLs, so the
// request must pass the setup 'Config' authorization first. The exit after
// the redirect is essential - header() alone does not stop the script.
if (!$GLOBALS['egw_setup']->auth('Config'))
{
	header('Location: index.php');
	exit;
}
/* Execution only continues past this point for an authorized user */
/**
 * Bare container used by this setup page in place of the full API object.
 *
 * It only declares the slots; the script fills them in after instantiation.
 */
class phpgw
{
	// phpgwapi.common instance, assigned by the script right after "new phpgw"
	var $common;

	// phpgwapi.accounts instance, assigned once the LDAP settings are loaded
	var $accounts;

	// declared but not assigned anywhere in this script
	var $applications;

	// copy of the setup database object (filled through copyobj())
	var $db;
}
// Build the stand-in API object and expose its common helper as $common.
$phpgw = new phpgw;
$phpgw->common = CreateObject('phpgwapi.common');
$common = $phpgw->common;

// Open the setup database connection and hand a copy to the stand-in object.
$GLOBALS['egw_setup']->loaddb();
copyobj($GLOBALS['egw_setup']->db, $phpgw->db);

// Template engine rooted at the setup template directory.
$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = CreateObject('setup.Template', $tpl_root);

// Handle => template file used by this page.
$setup_tpl->set_file(
	array(
		'ldap'        => 'ldap.tpl',
		'T_head'      => 'head.tpl',
		'T_footer'    => 'footer.tpl',
		'T_alert_msg' => 'msg_alert_msg.tpl'
	)
);
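/* Load the LDAP related settings from the config table */

// Start from an empty array so that $config can only contain rows read from
// phpgw_config. Without this the array is first created by the assignment in
// the loop, and on installations where request variables are registered as
// globals a request could pre-populate keys that the table does not hold.
$config = array();

$GLOBALS['egw_setup']->db->query("SELECT config_name,config_value FROM phpgw_config WHERE config_name LIKE 'ldap%' OR config_name='account_repository'", __LINE__, __FILE__);
while ($GLOBALS['egw_setup']->db->next_record())
{
	$config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value');
}

// Mirror the settings into $phpgw_info['server']. A setting that has no row
// in the table becomes null instead of raising an undefined-index notice.
// Note that ldap_root_pw is the bind password of the directory root DN; it
// is only copied here and nothing in this file prints it.
$server_settings = array(
	'ldap_host',
	'ldap_context',
	'ldap_group_context',
	'ldap_root_dn',
	'ldap_root_pw',
	'account_repository',
	'ldap_version3'
);
foreach ($server_settings as $setting)
{
	$phpgw_info['server'][$setting] = isset($config[$setting]) ? $config[$setting] : null;
}

$phpgw->accounts = CreateObject('phpgwapi.accounts');
$acct = $phpgw->accounts;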
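/* connect to ldap server */
$ldap = $common->ldapConnect();

// Always assign the flag from the connection result. Previously it was only
// set on failure and then read unconditionally, so on success the script read
// a variable it had never defined.
$noldapconnection = !$ldap;
if ($noldapconnection)
{
	// Without a directory connection nothing below can work; send the admin
	// back to the configuration page with a fixed error code.
	header('Location: config.php?error=badldapconnection');
	exit;
}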
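/* Read every user entry below the account context, keyed by uidnumber */
$account_info = array();
$sr = ldap_search($ldap, $config['ldap_context'], '(|(uid=*))', array('cn', 'givenname', 'uid', 'uidnumber'));
// ldap_search() returns false on failure; do not feed that to ldap_get_entries()
$info = $sr ? ldap_get_entries($ldap, $sr) : false;
$user_count = is_array($info) ? $info['count'] : 0;
for ($i = 0; $i < $user_count; $i++)
{
	// Entries without a uid or uidnumber cannot be imported later on (the
	// import step requires both), so they are not offered for selection.
	if (!isset($info[$i]['uid'][0]) || !isset($info[$i]['uidnumber'][0]))
	{
		continue;
	}
	// NOTE(review): global_denied_users is not filled anywhere in this file;
	// presumably it comes from the included setup functions - confirm.
	if (empty($phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]]))
	{
		$account_info[$info[$i]['uidnumber'][0]] = $info[$i];
	}
}

/* Read the groups, keyed by gidnumber, when a group context is configured */
$group_info = array();
if (!empty($phpgw_info['server']['ldap_group_context']))
{
	$srg = ldap_search($ldap, $config['ldap_group_context'], '(|(cn=*))', array('gidnumber', 'cn', 'memberuid'));
	$info = $srg ? ldap_get_entries($ldap, $srg) : false;
	$group_count = is_array($info) ? $info['count'] : 0;
	for ($i = 0; $i < $group_count; $i++)
	{
		if (!isset($info[$i]['cn'][0]) || !isset($info[$i]['gidnumber'][0]))
		{
			continue;
		}
		$group_name = $info[$i]['cn'][0];
		// NOTE(review): the second condition indexes $account_info (keyed by
		// uidnumber) with the loop counter and the group name. It is kept as
		// found, but it looks like a leftover and rarely excludes anything -
		// confirm what it was meant to filter.
		if (empty($phpgw_info['server']['global_denied_groups'][$group_name]) &&
			empty($account_info[$i][$group_name]))
		{
			$group_info[$info[$i]['gidnumber'][0]] = $info[$i];
		}
	}
}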
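/* Enabled applications (app_name => translated title), in name order */
// Initialised explicitly so the list can only contain rows from the table.
$apps = array();
$GLOBALS['egw_setup']->db->query("SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name", __LINE__, __FILE__);
while ($GLOBALS['egw_setup']->db->next_record())
{
	$apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name'));
}

// The bare $cancel variable is never assigned in this file, so the original
// test only worked where request variables are registered as globals. Read
// the request explicitly and keep the old variable as a fallback.
// NOTE(review): assumes the cancel button in ldap.tpl is posted as 'cancel' -
// confirm against the template.
if (!empty($_POST['cancel']) || !empty($cancel))
{
	header('Location: ldap.php');
	exit;
}

$GLOBALS['egw_setup']->html->show_header(
	lang('LDAP Modify'),
	false,
	'config',
	$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')'
);

// Set to true once a submitted form has been processed completely.
$setup_complete = false;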
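/**
 * Escape a value for use inside an LDAP search filter.
 *
 * Directory values such as a cn may legitimately contain "(", ")", "*" or a
 * backslash. Placed into a filter unescaped they change the meaning of the
 * filter or make it invalid, so they are replaced by their \XX hex form.
 *
 * @param string $value raw attribute value
 * @return string value that is safe to append after "attr=" in a filter
 */
function ldapmodify_filter_value($value)
{
	if (function_exists('ldap_escape'))
	{
		return ldap_escape((string)$value, '', LDAP_ESCAPE_FILTER);
	}
	// Fallback for PHP versions without ldap_escape(); the backslash has to
	// be replaced first because the other replacements introduce backslashes.
	return str_replace(
		array('\\', '*', '(', ')', "\x00"),
		array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
		(string)$value
	);
}

/**
 * Make sure a directory entry carries the phpgwAccount object class and the
 * phpgw status, type and expiry attributes, adding whatever is missing.
 *
 * @param resource $ldap         directory connection
 * @param string   $base_dn      search base used to re-read the entry
 * @param string   $filter       search filter, already escaped
 * @param string   $dn           DN of the entry that gets modified
 * @param string   $account_type value for phpgwaccounttype ('u' or 'g')
 * @return bool false when the entry could not be read (nothing is modified)
 */
function ldapmodify_prepare_entry($ldap, $base_dn, $filter, $dn, $account_type)
{
	$sr = ldap_search($ldap, $base_dn, $filter);
	$entry = $sr ? ldap_get_entries($ldap, $sr) : false;
	if (!is_array($entry) || empty($entry['count']) || !isset($entry[0]['objectclass']))
	{
		// Without the current objectclass list a replace would overwrite the
		// attribute with an incomplete list, so the entry is left untouched.
		return false;
	}

	$classes = $entry[0]['objectclass'];
	unset($classes['count']);
	$has_phpgw_class = false;
	foreach ($classes as $class)
	{
		if (strtolower($class) == 'phpgwaccount')
		{
			$has_phpgw_class = true;
		}
	}
	if (!$has_phpgw_class)
	{
		$classes[] = 'phpgwAccount';
		sort($classes);
		ldap_mod_replace($ldap, $dn, array('objectclass' => $classes));
	}

	// Only attributes the entry does not have yet are added.
	$add = array();
	if (!isset($entry[0]['phpgwaccountstatus']))
	{
		$add['phpgwaccountstatus'][] = 'A';
	}
	if (!isset($entry[0]['phpgwaccounttype']))
	{
		$add['phpgwaccounttype'][] = $account_type;
	}
	if (!isset($entry[0]['phpgwaccountexpires']))
	{
		$add['phpgwaccountexpires'][] = '-1';
	}
	if ($add)
	{
		ldap_mod_add($ldap, $dn, $add);
	}
	return true;
}

/*
 Process the submitted form: mark the selected groups and users as phpgw
 accounts in the directory and write their ACLs.
 NOTE(review): no anti-CSRF token is checked in this file before these state
 changes; confirm whether the setup authentication covers that.
*/
if (isset($_POST['submit']))
{
	$acl = CreateObject('phpgwapi.acl');
	copyobj($GLOBALS['egw_setup']->db, $acl->db);

	// Only application names that are enabled (and were therefore offered in
	// the form) may receive run rights; anything else in the request is
	// dropped instead of being written to the ACL table.
	$requested_apps = array();
	if (isset($_POST['s_apps']) && is_array($_POST['s_apps']))
	{
		foreach ($_POST['s_apps'] as $app)
		{
			if (is_string($app) && isset($apps[$app]))
			{
				$requested_apps[] = $app;
			}
		}
	}
	$requested_admins = (isset($_POST['admins']) && is_array($_POST['admins'])) ? $_POST['admins'] : array();

	// uid => uidnumber of every known user, to resolve memberuid values.
	// The entries in $account_info are raw directory entries, so the login
	// name is in 'uid' and the numeric id in 'uidnumber'; the previous lookup
	// read 'account_lid'/'account_id', which these entries never contain, so
	// no group membership was ever written.
	$uid_to_id = array();
	if (isset($account_info) && is_array($account_info))
	{
		foreach ($account_info as $known_account)
		{
			if (isset($known_account['uid'][0]) && isset($known_account['uidnumber'][0]))
			{
				$uid_to_id[$known_account['uid'][0]] = $known_account['uidnumber'][0];
			}
		}
	}

	if (isset($_POST['ldapgroups']) && is_array($_POST['ldapgroups']))
	{
		$groups = CreateObject('phpgwapi.accounts');
		copyobj($GLOBALS['egw_setup']->db, $groups->db);

		foreach ($_POST['ldapgroups'] as $groupid)
		{
			// Only ids of groups that were read from the directory are accepted.
			if (!is_string($groupid) || !isset($group_info[$groupid]))
			{
				continue;
			}
			$thisacctid  = $group_info[$groupid]['gidnumber'][0];
			$thisacctlid = $group_info[$groupid]['cn'][0];
			$thismembers = isset($group_info[$groupid]['memberuid']) ? $group_info[$groupid]['memberuid'] : null;
			$thisdn      = $group_info[$groupid]['dn'];

			/* Do some checks before we try to import the data. */
			if (empty($thisacctid) || empty($thisacctlid))
			{
				continue;
			}
			$groups->account_id = (int)$thisacctid;

			ldapmodify_prepare_entry(
				$ldap,
				$config['ldap_group_context'],
				'cn=' . ldapmodify_filter_value($thisacctlid),
				$thisdn,
				'g'
			);

			/* Now make the members a member of this group in phpgw. */
			if (is_array($thismembers))
			{
				foreach ($thismembers as $key => $member)
				{
					// Strict comparison: with "==" the integer key 0 equals
					// the string 'count' on PHP versions before 8, which
					// skipped the first member of every group.
					if ($key === 'count')
					{
						continue;
					}
					$member_id = isset($uid_to_id[$member]) ? $uid_to_id[$member] : 0;
					// Insert acls for this group based on memberuid field.
					// Since the group has app rights, we don't need to give users
					// these rights. Instead, we maintain group membership here.
					if ($member_id)
					{
						$acl->account_id = (int)$member_id;
						$acl->read_repository();
						$acl->delete('phpgw_group', $thisacctid, 1);
						$acl->add('phpgw_group', $thisacctid, 1);
						// Now add the acl to let them change their password
						$acl->delete('preferences', 'changepassword', 1);
						$acl->add('preferences', 'changepassword', 1);
						$acl->save_repository();
					}
				}
			}

			/* Now give this group some rights */
			$phpgw_info['user']['account_id'] = $thisacctid;
			$acl->account_id = (int)$thisacctid;
			$acl->read_repository();
			foreach ($requested_apps as $app)
			{
				$acl->delete($app, 'run', 1);
				$acl->add($app, 'run', 1);
			}
			$acl->save_repository();
			$defaultgroupid = $thisacctid;
		}
	}

	if (isset($_POST['users']) && is_array($_POST['users']))
	{
		$accounts = CreateObject('phpgwapi.accounts');
		copyobj($GLOBALS['egw_setup']->db, $accounts->db);

		foreach ($_POST['users'] as $id)
		{
			// Only ids of users that were read from the directory are accepted.
			if (!is_string($id) || !isset($account_info[$id]))
			{
				continue;
			}
			$thisacctid  = $account_info[$id]['uidnumber'][0];
			$thisacctlid = $account_info[$id]['uid'][0];
			$thisdn      = $account_info[$id]['dn'];

			/* Do some checks before we try to import the data. */
			if (empty($thisacctid) || empty($thisacctlid))
			{
				continue;
			}
			$accounts->account_id = (int)$thisacctid;

			ldapmodify_prepare_entry(
				$ldap,
				$config['ldap_context'],
				'uid=' . ldapmodify_filter_value($thisacctlid),
				$thisdn,
				'u'
			);

			/*
			 Insert default acls for this user.
			 Since the group has app rights, we don't need to give users
			 these rights.
			*/
			$acl->account_id = (int)$thisacctid;
			$acl->read_repository();

			/*
			 However, if no groups were imported, we do need to give each user
			 apps access
			*/
			if (empty($_POST['ldapgroups']))
			{
				foreach ($requested_apps as $app)
				{
					$acl->delete($app, 'run', 1);
					$acl->add($app, 'run', 1);
				}
			}

			// Now add the acl to let them change their password
			$acl->delete('preferences', 'changepassword', 1);
			$acl->add('preferences', 'changepassword', 1);

			/*
			 Only give them admin if we asked for them to have it.
			 This is typically an exception to apps for run rights
			 as a group member.
			 The old index loop ran one element past the end of the list and
			 compared loosely; an exact string match against the submitted ids
			 is what the form produces.
			*/
			if (in_array((string)$thisacctid, $requested_admins, true))
			{
				$acl->delete('admin', 'run', 1);
				$acl->add('admin', 'run', 1);
			}

			/* Save these new acls. */
			$acl->save_repository();
		}
	}
	$setup_complete = true;
}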
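if (isset($_GET['error']))
{
	// NOTE(review): the message text comes straight from the query string.
	// show_alert_msg() is defined outside this file, so whether it
	// HTML-encodes its argument is not visible here - confirm that it does
	// before this value reaches the page.
	$GLOBALS['egw_setup']->html->show_alert_msg('Error', $_GET['error']);
}

if ($setup_complete)
{
	// The closing tag used to be a second opening <center>, which left the
	// element unclosed in the generated page.
	echo '<br><center>' . lang('Modifications have been completed!') . ' ' . lang('Click <a href="index.php">here</a> to return to setup.') . '<br></center>';
	$GLOBALS['egw_setup']->html->show_footer();
	exit;
}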
// Register the named blocks of the 'ldap' template; each block is stored
// under a handle of the same name, in the order they are printed later.
$ldap_blocks = array('header', 'user_list', 'admin_list', 'group_list', 'app_list', 'submit', 'footer');
foreach ($ldap_blocks as $block_name)
{
	$setup_tpl->set_block('ldap', $block_name, $block_name);
}
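/**
 * HTML-encode a value for use in element content or a quoted attribute.
 *
 * The charset is fixed to ISO-8859-1 on purpose: it treats every byte as one
 * character, so only the ASCII characters & < > " ' are rewritten and the
 * result is the same for the decoded cn and for the raw directory strings.
 * Leaving the charset to the PHP default could turn a value with non-ASCII
 * bytes into an empty string.
 *
 * @param string $text raw value
 * @return string encoded value
 */
function ldapmodify_esc($text)
{
	return htmlspecialchars((string)$text, ENT_QUOTES, 'ISO-8859-1');
}

// Directory attributes (cn, uid, uidnumber, gidnumber) are data maintained
// outside this application, so they are encoded before they are placed into
// the option markup.
$user_list = '';
if (isset($account_info) && is_array($account_info))
{
	foreach ($account_info as $account)
	{
		$display_name = isset($account['cn'][0]) ? utf8_decode($account['cn'][0]) : '';
		$user_list .= '<option value="' . ldapmodify_esc($account['uidnumber'][0]) . '">'
			. ldapmodify_esc($display_name) . ' (' . ldapmodify_esc($account['uid'][0]) . ')</option>';
	}
}

// The admin selection offers exactly the same accounts as the user selection.
$admin_list = $user_list;

$group_list = '';
if (isset($group_info) && is_array($group_info))
{
	foreach ($group_info as $group)
	{
		$group_list .= '<option value="' . ldapmodify_esc($group['gidnumber'][0]) . '">'
			. ldapmodify_esc(utf8_decode($group['cn'][0])) . '</option>';
	}
}

// Applications that are listed but not pre-selected as a default application.
$not_preselected = array(
	'admin',
	'skel',
	'backup',
	'netsaint',
	'developer_tools',
	'phpsysinfo',
	'eldaptir',
	'qmailldap'
);
$app_list = '';
if (isset($apps) && is_array($apps))
{
	foreach ($apps as $appname => $apptitle)
	{
		$selected = in_array((string)$appname, $not_preselected, true) ? '' : ' selected';
		// $apptitle is the lang() translation of the name; it is inserted as
		// returned because translations in this script may contain markup.
		$app_list .= '<option value="' . ldapmodify_esc($appname) . '"' . $selected . '>' . $apptitle . '</option>';
	}
}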
// Form target and the option lists built for the four select boxes.
$setup_tpl->set_var('action_url', 'ldapmodify.php');
$setup_tpl->set_var('users', $user_list);
$setup_tpl->set_var('admins', $admin_list);
$setup_tpl->set_var('ldapgroups', $group_list);
$setup_tpl->set_var('s_apps', $app_list);

// Translated headings, help texts and button labels.
$setup_tpl->set_var('ldap_import', lang('LDAP Modify'));
$setup_tpl->set_var('description', lang(" This section will help you setup your LDAP accounts for use with eGroupWare ") . '.');
$setup_tpl->set_var('select_users', lang('Select which user(s) will be modified'));
$setup_tpl->set_var('select_admins', lang('Select which user(s) will also have admin privileges'));
$setup_tpl->set_var('select_groups', lang('Select which group(s) will be modified (group membership will be maintained)'));
$setup_tpl->set_var('select_apps', lang('Select the default applications to which your users will have access') . '.');
$setup_tpl->set_var('form_submit', lang('Modify'));
$setup_tpl->set_var('cancel', lang('Cancel'));

// Print the page section by section, then the common setup footer.
$page_sections = array('header', 'user_list', 'admin_list', 'group_list', 'app_list', 'submit', 'footer');
foreach ($page_sections as $section)
{
	$setup_tpl->pfp('out', $section);
}

$GLOBALS['egw_setup']->html->show_footer();
?>