diff --git a/setup/ldapimport.php b/setup/ldapimport.php
new file mode 100644
index 0000000000..1bb2cf867e
--- /dev/null
+++ b/setup/ldapimport.php
@@ -0,0 +1,499 @@
+ True,
+ 'nonavbar' => True,
+ 'currentapp' => 'home',
+ 'noapi' => True
+ );
+ include('./inc/functions.inc.php');
+
+ // Authorize the user to use setup app and load the database
+ if(!$GLOBALS['phpgw_setup']->auth('Config'))
+ {
+ Header('Location: index.php');
+ exit;
+ }
+ // Does not return unless user is authorized
+
+ class phpgw
+ {
+ var $common;
+ var $accounts;
+ var $applications;
+ var $db;
+ }
+ $phpgw = new phpgw;
+ $phpgw->common = CreateObject('phpgwapi.common');
+
+ $common = $phpgw->common;
+ $GLOBALS['phpgw_setup']->loaddb();
+ $phpgw->db = $GLOBALS['phpgw_setup']->db;
+
+ $tpl_root = $GLOBALS['phpgw_setup']->html->setup_tpl_dir('setup');
+ $setup_tpl = CreateObject('setup.Template',$tpl_root);
+ $setup_tpl->set_file(array(
+ 'ldap' => 'ldap.tpl',
+ 'T_head' => 'head.tpl',
+ 'T_footer' => 'footer.tpl',
+ 'T_alert_msg' => 'msg_alert_msg.tpl'
+ ));
+
+ $phpgw_info['server']['auth_type'] = 'ldap';
+
+ $phpgw->applications = CreateObject('phpgwapi.applications');
+ $applications = $phpgw->applications;
+
+ $GLOBALS['phpgw_setup']->db->query("SELECT config_name,config_value FROM phpgw_config WHERE config_name LIKE 'ldap%' OR config_name='account_repository'",__LINE__,__FILE__);
+ while($GLOBALS['phpgw_setup']->db->next_record())
+ {
+ $config[$GLOBALS['phpgw_setup']->db->f('config_name')] = $GLOBALS['phpgw_setup']->db->f('config_value');
+ }
+ $phpgw_info['server']['ldap_host'] = $config['ldap_host'];
+ $phpgw_info['server']['ldap_context'] = $config['ldap_context'];
+ $phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context'];
+ $phpgw_info['server']['ldap_root_dn'] = $config['ldap_root_dn'];
+ $phpgw_info['server']['ldap_root_pw'] = $config['ldap_root_pw'];
+ $phpgw_info['server']['ldap_version3'] = $config['ldap_version3'] == "True" ? True : False;
+ $phpgw_info['server']['account_repository'] = $config['account_repository'];
+
+ $phpgw->accounts = CreateObject('phpgwapi.accounts');
+ $acct = $phpgw->accounts;
+
+ // First, see if we can connect to the LDAP server, if not send `em back to config.php with an
+ // error message.
+
+ // connect to ldap server
+ if(!$ldap = $common->ldapConnect())
+ {
+ $noldapconnection = True;
+ }
+
+ if($noldapconnection)
+ {
+ Header('Location: config.php?error=badldapconnection');
+ exit;
+ }
+
+ $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber'));
+ $info = ldap_get_entries($ldap, $sr);
+ $tmp = '';
+
+ for($i=0; $i<$info['count']; $i++)
+ {
+ if(!$phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]])
+ {
+ $tmp = $info[$i]['uidnumber'][0];
+ $account_info[$tmp]['account_id'] = $info[$i]['uidnumber'][0];
+ $account_info[$tmp]['account_lid'] = $info[$i]['uid'][0];
+ $account_info[$tmp]['account_firstname'] = $info[$i]['givenname'][0];
+ $account_info[$tmp]['account_lastname'] = $info[$i]['sn'][0];
+ $account_info[$tmp]['account_passwd'] = $info[$i]['userpassword'][0];
+ }
+ }
+
+ if($phpgw_info['server']['ldap_group_context'])
+ {
+ $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
+ $info = ldap_get_entries($ldap, $srg);
+ $tmp = '';
+
+ for($i=0; $i<$info['count']; $i++)
+ {
+ if(!$phpgw_info['server']['global_denied_groups'][$info[$i]['cn'][0]] &&
+ !$account_info[$i][$info[$i]['cn'][0]])
+ {
+ $tmp = $info[$i]['gidnumber'][0];
+ $group_info[$tmp]['account_id'] = $info[$i]['gidnumber'][0];
+ $group_info[$tmp]['account_lid'] = $info[$i]['cn'][0];
+ $group_info[$tmp]['members'] = $info[$i]['memberuid'];
+ $group_info[$tmp]['account_firstname'] = $info[$i]['cn'][0];
+ $group_info[$tmp]['account_lastname'] = 'Group';
+ }
+ }
+ }
+ else
+ {
+ $group_info = array();
+ }
+
+ $GLOBALS['phpgw_setup']->db->query("SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name",__LINE__,__FILE__);
+ while($GLOBALS['phpgw_setup']->db->next_record())
+ {
+ $apps[$GLOBALS['phpgw_setup']->db->f('app_name')] = lang($GLOBALS['phpgw_setup']->db->f('app_name'));
+ }
+
+ $cancel = get_var('cancel','POST');
+ $submit = get_var('submit','POST');
+ $users = get_var('users','POST');
+ $admins = get_var('admins','POST');
+ $s_apps = get_var('s_apps','POST');
+ $ldapgroups = get_var('ldapgroups','POST');
+
+ if($cancel)
+ {
+ Header('Location: ldap.php');
+ exit;
+ }
+
+ if($submit)
+ {
+ if(!count($admins))
+ {
+ $error = '
You must select at least 1 admin';
+ }
+
+ if(!count($s_apps))
+ {
+ $error .= '
You must select at least 1 application';
+ }
+
+ if(!$error)
+ {
+ if($users)
+ {
+ while(list($key,$id) = each($users))
+ {
+ $id_exist = 0;
+ $thisacctid = $account_info[$id]['account_id'];
+ $thisacctlid = $account_info[$id]['account_lid'];
+ $thisfirstname = $account_info[$id]['account_firstname'];
+ $thislastname = $account_info[$id]['account_lastname'];
+ $thispasswd = $account_info[$id]['account_passwd'];
+
+ // Do some checks before we try to import the data.
+ if(!empty($thisacctid) && !empty($thisacctlid))
+ {
+ $accounts = CreateObject('phpgwapi.accounts',(int)$thisacctid);
+ copyobj($GLOBALS['phpgw_setup']->db,$accounts->db);
+
+ // Check if the account is already there.
+ // If so, we won't try to create it again.
+ $acct_exist = $acct->name2id($thisacctlid);
+ if($acct_exist)
+ {
+ $thisacctid = $acct_exist;
+ }
+ $id_exist = $accounts->exists($thisacctlid);
+ // If not, create it now.
+ if(!$id_exist)
+ {
+ $thisaccount_info = array(
+ 'account_type' => 'u',
+ 'account_lid' => $thisacctlid,
+ 'account_passwd' => 'x',
+ /* 'account_passwd' => $thispasswd, */
+ 'account_firstname' => $thisfirstname,
+ 'account_lastname' => $thislastname,
+ 'account_status' => 'A',
+ 'account_expires' => -1
+ );
+ $thisacctid = $accounts->create($thisaccount_info);
+ }
+ if (!$thisacctid) // if we have no account_id, we cant continue
+ {
+ continue;
+ }
+ // Insert default acls for this user.
+ // Since the group has app rights, we don't need to give users
+ // these rights. Instead, we make the user a member of the Default group
+ // below.
+ $acl = CreateObject('phpgwapi.acl',(int)$thisacctid);
+ $acl->db = $GLOBALS['phpgw_setup']->db;
+ $acl->read_repository();
+
+ // Only give them admin if we asked for them to have it.
+ // This is typically an exception to apps for run rights
+ // as a group member.
+ for($a=0;$adelete('admin','run',1);
+ $acl->add('admin','run',1);
+ }
+ }
+
+ // Now make them a member of the 'Default' group.
+ // But, only if the current user is not the group itself.
+ if(!$defaultgroupid)
+ {
+ $defaultgroupid = $accounts->name2id('Default');
+ }
+ if($defaultgroupid)
+ {
+ $acl->delete('phpgw_group',$defaultgroupid,1);
+ $acl->add('phpgw_group',$defaultgroupid,1);
+ }
+
+ // Save these new acls.
+ $acl->save_repository();
+ }
+ }
+ }
+
+ if($ldapgroups)
+ {
+ while(list($key,$groupid) = each($ldapgroups))
+ {
+ $id_exist = 0;
+ $thisacctid = $group_info[$groupid]['account_id'];
+ $thisacctlid = $group_info[$groupid]['account_lid'];
+ $thisfirstname = $group_info[$groupid]['account_firstname'];
+ $thislastname = $group_info[$groupid]['account_lastname'];
+ $thismembers = $group_info[$groupid]['members'];
+
+ // Do some checks before we try to import the data.
+ if(!empty($thisacctid) && !empty($thisacctlid))
+ {
+ $groups = CreateObject('phpgwapi.accounts',(int)$thisacctid);
+ copyobj($GLOBALS['phpgw_setup']->db,$groups->db);
+
+ // Check if the account is already there.
+ // If so, we won't try to create it again.
+ $acct_exist = $groups->name2id($thisacctlid);
+ /* echo '
exists((int)$thisacctid);
+ // If not, create it now.
+ if(!$id_exist)
+ {
+ $thisgroup_info = array(
+ 'account_type' => 'g',
+ 'account_lid' => $thisacctlid,
+ 'account_passwd' => $passwd,
+ 'account_firstname' => $thisfirstname,
+ 'account_lastname' => $thislastname,
+ 'account_status' => 'A',
+ 'account_expires' => -1
+ );
+ $thisacctid = $groups->create($thisgroup_info);
+ }
+ if (!$thisacctid) // if we have no account_id, we cant continue
+ {
+ continue;
+ }
+ // Now make them a member of this group in phpgw.
+ while(list($key,$members) = each($thismembers))
+ {
+ if($key == 'count')
+ {
+ continue;
+ }
+ /* echo '
members: ' . $members; */
+ $tmpid = 0;
+ @reset($account_info);
+ while(list($x,$y) = each($account_info))
+ {
+ /* echo '
checking: '.$y['account_lid']; */
+ if($members == $y['account_lid'])
+ {
+ $tmpid = $acct->name2id($y['account_lid']);
+ }
+ }
+ /*
+ Insert acls for this group based on memberuid field.
+ Since the group has app rights, we don't need to give users
+ these rights. Instead, we maintain group membership here.
+ */
+ if($tmpid)
+ {
+ $acl = CreateObject('phpgwapi.acl',$tmpid);
+ copyobj($GLOBALS['phpgw_setup']->db,$acl->db);
+ $acl->account_id = (int)$tmpid;
+ $acl->read_repository();
+
+ $acl->delete('phpgw_group',$thisacctid,1);
+ $acl->add('phpgw_group',$thisacctid,1);
+
+ /* Now add the acl to let them change their password */
+ $acl->delete('preferences','changepassword',1);
+ $acl->add('preferences','changepassword',1);
+
+ $acl->save_repository();
+
+ /* Add prefs for selected apps here, since they are per-user.
+ App access is added below.
+ */
+ $pref = CreateObject('phpgwapi.preferences',$tmpid);
+ $pref->db = $GLOBALS['phpgw_setup']->db;
+ $pref->account_id = (int)$tmpid;
+ $pref->read_repository();
+ @reset($s_apps);
+ while(list($key,$app) = each($s_apps))
+ {
+ $phpgw->hooks->single('add_def_pref',$app);
+ }
+ $pref->save_repository();
+ }
+ }
+ /* Now give this group some rights */
+ $phpgw_info['user']['account_id'] = $thisacctid;
+ $acl = CreateObject('phpgwapi.acl');
+ copyobj($GLOBALS['phpgw_setup']->db,$acl->db);
+ $acl->account_id = (int)$thisacctid;
+ $acl->read_repository();
+ @reset($s_apps);
+ while(list($key,$app) = each($s_apps))
+ {
+ $acl->delete($app,'run',1);
+ $acl->add($app,'run',1);
+ }
+ $acl->save_repository();
+ $defaultgroupid = $thisacctid;
+ }
+ }
+ }
+ else
+ {
+ /* Create the 'Default' group */
+ $groups = CreateObject('phpgwapi.accounts',$defaultgroupid);
+ copyobj($GLOBALS['phpgw_setup']->db,$groups->db);
+
+ // Check if the group account is already there.
+ // If so, set our group_id to that account's id for use below.
+ $acct_exist = $groups->name2id('Default');
+ if($acct_exist)
+ {
+ $defaultgroupid = $acct_exist;
+ }
+ $id_exist = $groups->exists((int)$defaultgroupid);
+ // if not, create it, using our original groupid.
+ if($id_exist)
+ {
+ $groups->delete($defaultgroupid);
+ }
+ $thisgroup_info = array(
+ 'account_type' => 'g',
+ 'account_lid' => 'Default',
+ 'account_passwd' => $passwd,
+ 'account_firstname' => 'Default',
+ 'account_lastname' => 'Group',
+ 'account_status' => 'A',
+ 'account_expires' => -1
+ );
+ $acct->create($thisgroup_info);
+
+ $defaultgroupid = $acct->name2id('Default');
+
+ $acl = CreateObject('phpgwapi.acl',$defaultgroupid);
+ copyobj($GLOBALS['phpgw_setup']->db,$acl->db);
+ $acl->account_id = (int)$defaultgroupid;
+ $acl->read_repository();
+ @reset($s_apps);
+ while(list($key,$app) = each($s_apps))
+ {
+ $acl->delete($app,'run',1);
+ $acl->add($app,'run',1);
+ }
+ $acl->save_repository();
+ } //end default group creation
+ }
+ $setup_complete = True;
+ }
+
+ $GLOBALS['phpgw_setup']->html->show_header(lang('LDAP Import'),False,'config',$GLOBALS['phpgw_setup']->ConfigDomain . '(' . $phpgw_domain[$GLOBALS['phpgw_setup']->ConfigDomain]['db_type'] . ')');
+
+ if($error)
+ {
+ //echo '
Error: '.$error.'';
+ $GLOBALS['phpgw_setup']->html->show_alert_msg('Error',$error);
+ }
+
+ if($setup_complete)
+ {
+ echo '
'.lang('Import has been completed!').' '.lang('Click here to return to setup.').'';
+ $GLOBALS['phpgw_setup']->html->show_footer();
+ exit;
+ }
+
+ $setup_tpl->set_block('ldap','header','header');
+ $setup_tpl->set_block('ldap','user_list','user_list');
+ $setup_tpl->set_block('ldap','admin_list','admin_list');
+ $setup_tpl->set_block('ldap','group_list','group_list');
+ $setup_tpl->set_block('ldap','app_list','app_list');
+ $setup_tpl->set_block('ldap','submit','submit');
+ $setup_tpl->set_block('ldap','footer','footer');
+
+ while(list($key,$account) = each($account_info))
+ {
+ $user_list .= '';
+ }
+
+ @reset($account_info);
+ while(list($key,$account) = each($account_info))
+ {
+ $admin_list .= '';
+ }
+
+ while(list($key,$group) = each($group_info))
+ {
+ $group_list .= '';
+ }
+
+ while(list($appname,$apptitle) = each($apps))
+ {
+ if($appname == 'admin' ||
+ $appname == 'skel' ||
+ $appname == 'backup' ||
+ $appname == 'netsaint' ||
+ $appname == 'developer_tools' ||
+ $appname == 'phpsysinfo' ||
+ $appname == 'eldaptir' ||
+ $appname == 'qmailldap')
+ {
+ $app_list .= '';
+ }
+ else
+ {
+ $app_list .= '';
+ }
+ }
+
+ $setup_tpl->set_var('action_url','ldapimport.php');
+ $setup_tpl->set_var('users',$user_list);
+ $setup_tpl->set_var('admins',$admin_list);
+ $setup_tpl->set_var('ldapgroups',$group_list);
+ $setup_tpl->set_var('s_apps',$app_list);
+
+ $setup_tpl->set_var('ldap_import',lang('LDAP import users'));
+ $setup_tpl->set_var('description',lang("This section will help you import users and groups from your LDAP tree into eGroupWare's account tables").'.');
+ $setup_tpl->set_var('select_users',lang('Select which user(s) will be imported'));
+ $setup_tpl->set_var('select_admins',lang('Select which user(s) will have admin privileges'));
+ $setup_tpl->set_var('select_groups',lang('Select which group(s) will be imported (group membership will be maintained)'));
+ $setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.');
+ $setup_tpl->set_var('note',lang('Note: You will be able to customize this later').'.');
+ $setup_tpl->set_var('form_submit','import');
+ $setup_tpl->set_var('cancel',lang('Cancel'));
+
+ $setup_tpl->pfp('out','header');
+ $setup_tpl->pfp('out','user_list');
+ $setup_tpl->pfp('out','admin_list');
+ $setup_tpl->pfp('out','group_list');
+ $setup_tpl->pfp('out','app_list');
+ $setup_tpl->pfp('out','submit');
+ $setup_tpl->pfp('out','footer');
+
+ $GLOBALS['phpgw_setup']->html->show_footer();
+?>