WIP account-migration incl. mail-attributes AD --> SQL --> Univentionapi/src/Accounts*

Ralf Becker 2018-06-25 14:40:38 +02:00
parent a11b9a266b
commit 2353439517
2 changed files with 27 additions and 3 deletions


@ -45,7 +45,8 @@ if (!is_object($GLOBALS['egw_setup']->db))
} }
// Load configuration values account_repository and auth_type, as setup has not yet done so // Load configuration values account_repository and auth_type, as setup has not yet done so
foreach($GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value', foreach($GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',
"config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR config_name='auth_type' OR config_name='mail_suffix' OR config_name LIKE 'ads_%'", "config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR ".
"config_name IN ('auth_type','install_id','mail_suffix') OR config_name LIKE 'ads_%'",
__LINE__,__FILE__) as $row) __LINE__,__FILE__) as $row)
{ {
$GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value']; $GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value'];
@ -58,7 +59,7 @@ if (!$from && !($from = $GLOBALS['egw_info']['server']['auth_type']))
$to = $from == 'sql' ? 'ldap' : 'sql'; $to = $from == 'sql' ? 'ldap' : 'sql';
// for Univention: cant check /etc/lsb-release, because it's not in open_basedir! // for Univention: cant check /etc/lsb-release, because it's not in open_basedir!
if ($to == 'ldap' && @file_exists('/usr/share/univention-directory-manager-tools')) if ($to == 'ldap' && Api\Accounts\Univention::available())
{ {
$to = 'univention'; $to = 'univention';
} }
@ -154,6 +155,9 @@ if (!$_POST['migrate'] && !$_POST['passwords2sql'])
} }
else // do the migration else // do the migration
{ {
// switching off execution time limit, as migration can take quite some time
@set_time_limit(0);
$cmd->only = (array)$_POST['users']; $cmd->only = (array)$_POST['users'];
if (empty($_POST['passwords2sql'])) $cmd->only = array_merge($cmd->only, (array)$_POST['groups']); if (empty($_POST['passwords2sql'])) $cmd->only = array_merge($cmd->only, (array)$_POST['groups']);
$cmd->verbose = true; $cmd->verbose = true;
@ -163,6 +167,7 @@ else // do the migration
if ($_POST['migrate']) if ($_POST['migrate'])
{ {
Api\Config::save_value('account_repository', $GLOBALS['egw_info']['server']['account_repository']=$to, 'phpgwapi'); Api\Config::save_value('account_repository', $GLOBALS['egw_info']['server']['account_repository']=$to, 'phpgwapi');
if ($to == 'univention') $to = 'ldap'; // there is no auth type "univention", just "ldap"
if (empty($GLOBALS['egw_info']['server']['auth_type']) || $GLOBALS['egw_info']['server']['auth_type'] == $from) if (empty($GLOBALS['egw_info']['server']['auth_type']) || $GLOBALS['egw_info']['server']['auth_type'] == $from)
{ {
Api\Config::save_value('auth_type', $GLOBALS['egw_info']['server']['auth_type']=$to, 'phpgwapi'); Api\Config::save_value('auth_type', $GLOBALS['egw_info']['server']['auth_type']=$to, 'phpgwapi');
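Review bot: In the "do the migration" hunk, `@set_time_limit(0);` hides the only signal that the execution limit could not be lifted. If the call fails or is disabled on the host, the run can still be cut off part-way, presumably before the `Api\Config::save_value('account_repository', …)` call in the next hunk, leaving accounts partly written to the target while the configuration still names the source. I would drop the `@` and check the result, e.g. `if (set_time_limit(0) === false) { /* warn the admin before starting */ }`. The enclosing else-branch starts and ends outside the hunk, so whether an aborted run is already reported elsewhere cannot be seen from here.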


@ -50,6 +50,12 @@ use EGroupware\Api;
* ldap_context=ou=accounts,dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost * ldap_context=ou=accounts,dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost
* *
* - updating passwords for existing users in SQL from LDAP, eg. to switch off authentication to LDAP on a SQL install. * - updating passwords for existing users in SQL from LDAP, eg. to switch off authentication to LDAP on a SQL install.
*
* - migrate whole domain from AD to Univention:
* 1. migrate from AD --> SQL including mail-attributes
* 2. optionaly fix user-names etc in SQL
* 3. migrate from SQL --> Univention (make sure NOT to select existing users like "join-backup/slaves"
* and delete "anonymous" user from EGroupware App install in UCS)
*/ */
class setup_cmd_ldap extends setup_cmd class setup_cmd_ldap extends setup_cmd
{ {
@ -517,6 +523,19 @@ class setup_cmd_ldap extends setup_cmd
$errors++; $errors++;
continue; continue;
} }
if ($accounts_obj->exists($account['account_lid']))
{
$msg[] = lang('%1 already exists in %2.',
lang('User').' '.$account['account_lid'].' ('.$account_id.')', $target);
$errors++;
continue;
}
if ($to == 'univention' && in_array($account['account_lid'], array('root')))
{
$msg[] = lang('%1 not allowed to create in Univention.', $what);
$errors++;
continue;
}
if ($to != 'sql') if ($to != 'sql')
{ {
if ($GLOBALS['egw_info']['server']['ldap_extra_attributes']) if ($GLOBALS['egw_info']['server']['ldap_extra_attributes'])
@ -668,7 +687,7 @@ class setup_cmd_ldap extends setup_cmd
$addressbook = new Api\Contacts\Storage(); $addressbook = new Api\Contacts\Storage();
foreach($this->as_array() as $name => $value) foreach($this->as_array() as $name => $value)
{ {
if (substr($name, 5) == 'ldap_') if (substr($name, 5) == 'ldap_' || substr($name, 4) == 'ads_')
{ {
$GLOBALS['egw_info']['server'][$name] = $value; $GLOBALS['egw_info']['server'][$name] = $value;
} }
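Review bot: The added `substr($name, 4) == 'ads_'` test in the last hunk repeats the mistake of the `ldap_` test beside it. With only an offset argument, `substr()` returns the remainder of the string from that position, not the prefix, so for a constructed name such as `ads_x` it yields `'x'` and the comparison practically never matches. As written, neither the `ldap_*` nor the `ads_*` values of the command are copied into `$GLOBALS['egw_info']['server']`, so the code that follows would apparently run with whatever directory host and bind credentials were already in the global config. Suggested condition: `if (substr($name, 0, 5) == 'ldap_' || substr($name, 0, 4) == 'ads_')`. The enclosing method starts and ends outside the hunk.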