diff --git a/setup/account_migration.php b/setup/account_migration.php new file mode 100644 index 0000000000..3075addbc3 --- /dev/null +++ b/setup/account_migration.php 
@@ -0,0 +1,230 @@ + LDAP + * + * The migration is done to the account-repository configured for eGroupWare! + * + * @link http://www.egroupware.org + * @package setup + * @author Ralf Becker + * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License + * @version $Id$ + */ + +$GLOBALS['egw_info'] = array( + 'flags' => array( + 'noheader' => True, + 'nonavbar' => True, + 'currentapp' => 'home', + 'noapi' => True +)); +include('./inc/functions.inc.php'); + +// Authorize the user to use setup app and load the database +if (!$GLOBALS['egw_setup']->auth('Config') || $_POST['cancel']) +{ + Header('Location: index.php'); + exit; +} +// Does not return unless user is authorized + +// the migration script needs a session to store the accounts +session_start(); + +$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); +$setup_tpl = CreateObject('setup.Template',$tpl_root); +$setup_tpl->set_file(array( + 'migration' => 'account_migration.tpl', + 'T_head' => 'head.tpl', + 'T_footer' => 'footer.tpl', + 'T_alert_msg' => 'msg_alert_msg.tpl' +)); + +function hash_sql2ldap($hash) +{ + switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type'])) + { + case '': // not set sql_encryption_type + case 'md5': + $hash = '{md5}' . base64_encode(pack("H*",$hash)); + break; + case 'crypt': + $hash = '{crypt}' . 
$hash; + break; + } + return $hash; +} + +// determine from where we migrate to what +if (!is_object($GLOBALS['egw_setup']->db)) +{ + $GLOBALS['egw_setup']->loaddb(); +} +// Load configuration values account_repository and auth_type, a setup has not yet done so +/*$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value', + array('config_name'=>array('account_respository','auth_type')),__LINE__,__FILE__); +while(($row = $GLOBALS['egw_setup']->db->row(true))) +{ + $GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value']; +}*/ +$to = $GLOBALS['egw_info']['server']['account_repository']; +if (!$to && !($to = $GLOBALS['egw_info']['server']['auth_type'])) +{ + $to = 'sql'; +} +$from = $to == 'sql' ? 'ldap' : 'sql'; +$direction = strtoupper($from).' --> '.strtoupper($to); + +$GLOBALS['egw_setup']->html->show_header($direction,False,'config',$GLOBALS['egw_setup']->ConfigDomain . + '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . 
')'); + +if (!$_POST['migrate']) +{ + // fetch and display the accounts of the NOT set $from repository + $GLOBALS['egw_info']['server']['account_repository'] = $from; + $GLOBALS['egw_setup']->setup_account_object(); + + // fetch all users and groups + $accounts = $GLOBALS['egw']->accounts->search(array( + 'type' => 'both', + )); + // fetch the complete data (search reads not everything), plus the members(hips) + foreach($accounts as $account_id => $account) + { + $accounts[$account_id] = $GLOBALS['egw']->accounts->read($account_id); + + if ($account['account_type'] == 'g') + { + $accounts[$account_id]['members'] = $GLOBALS['egw']->accounts->members($account_id,true); + } + else + { + $accounts[$account_id]['memberships'] = $GLOBALS['egw']->accounts->memberships($account_id,true); + } + } + //_debug_array($accounts); + // store the complete info in the session to be availible after user selected what to migrate + // we cant instanciate to account-repositories at the same time, as the backend-classes have identical names + $_SESSION['all_accounts'] =& $accounts; + + // now outputting the account selection + $setup_tpl->set_block('migration','header','header'); + $setup_tpl->set_block('migration','user_list','user_list'); + $setup_tpl->set_block('migration','group_list','group_list'); + $setup_tpl->set_block('migration','submit','submit'); + $setup_tpl->set_block('migration','footer','footer'); + + foreach($accounts as $account_id => $account) + { + if ($account['account_type'] == 'g') + { + $group_list .= '\n"; + } + else + { + $user_list .= '\n"; + } + } + $setup_tpl->set_var('action_url','account_migration.php'); + $setup_tpl->set_var('users',$user_list); + $setup_tpl->set_var('groups',$group_list); + + $setup_tpl->set_var('description',lang('Migration between eGroupWare account repositories').': '.$direction); + $setup_tpl->set_var('select_users',lang('Select which user(s) will be exported')); + $setup_tpl->set_var('select_groups',lang('Select which group(s) will 
be exported')); + $setup_tpl->set_var('memberships',lang('Group memberships will be migrated too.')); + $setup_tpl->set_var('migrate',$direction); + $setup_tpl->set_var('cancel',lang('Cancel')); + + $setup_tpl->pfp('out','header'); + if($user_list) + { + $setup_tpl->pfp('out','user_list'); + } + if($group_list) + { + $setup_tpl->pfp('out','group_list'); + } + $setup_tpl->pfp('out','submit'); + $setup_tpl->pfp('out','footer'); +} +else // do the migration +{ + $GLOBALS['egw_info']['server']['account_repository'] = $to; + $GLOBALS['egw_setup']->setup_account_object(); + + $target = strtoupper($to); + $accounts =& $_SESSION['all_accounts']; + + if($_POST['users']) + { + foreach($_POST['users'] as $account_id) + { + if (!isset($accounts[$account_id])) continue; + + // check if user already exists + if ($GLOBALS['egw']->accounts->exists($account_id)) + { + echo '

'.lang('%1 already exists in %2.',lang('User')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + continue; + } + if ($to == 'ldap') + { + if ($GLOBALS['egw_info']['server']['ldap_extra_attributes']) + { + $accounts[$account_id]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $accounts[$account_id]['account_lid']; + $accounts[$account_id]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell']; + } + $accounts[$account_id]['account_passwd'] = hash_sql2ldap($accounts[$account_id]['account_pwd']); + } + else + { + // ToDo migrate ldap password hashes to sql, not as easy as we dont store the hash-type in the password + // maybe we should change sql to store passwords identical to ldap prefixed with {hash} + $accounts[$account_id]['account_passwd'] = $accounts[$account_id]['account_pwd']; + } + if (!$GLOBALS['egw']->accounts->save($accounts[$account_id])) + { + echo '

'.lang('Creation of %1 in %2 failed !!!',lang('User')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + continue; + } + $GLOBALS['egw']->accounts->set_memberships($accounts[$account_id]['memberships'],$account_id); + echo '

'.lang('%1 created in %2.',lang('User')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + } + } + if($_POST['groups']) + { + foreach($_POST['groups'] as $account_id) + { + if (!isset($accounts[$account_id])) continue; + + // check if group already exists + if (!$GLOBALS['egw']->accounts->exists($account_id)) + { + if (!$GLOBALS['egw']->accounts->save($accounts[$account_id])) + { + echo '

'.lang('Creation of %1 in %2 failed !!!',lang('Group')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + continue; + } + echo '

'.lang('%1 created in %2.',lang('Group')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + } + else + { + echo '

'.lang('%1 already exists in %2.',lang('Group')." $account_id ({$accounts[$account_id]['account_lid']})",$target)."

\n"; + + if ($GLOBALS['egw']->accounts->id2name($account_id) != $accounts[$account_id]['account_lid']) + { + continue; // different group under that gidnumber! + } + } + // now saving / updating the memberships + $GLOBALS['egw']->accounts->set_members($accounts[$account_id]['members'],$account_id); + } + } + echo '

'.lang('Export has been completed!')."

\n"; + echo '

'.lang('Click here to return to setup.')."

\n"; +} + +$GLOBALS['egw_setup']->html->show_footer(); diff --git a/setup/admin_account.php b/setup/admin_account.php index b1b20ae0cf..629cbebd2a 100644 --- a/setup/admin_account.php +++ b/setup/admin_account.php @@ -72,9 +72,10 @@ 'username' => $username, 'fname' => $fname, 'lname' => $lname, + 'email' => $email, )); $setup_tpl->set_var('action_url','admin_account.php'); - $setup_tpl->set_var('description',lang('This will create 1 admin account and 3 demo accounts
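Review bot: `hash_sql2ldap()` has no `default` branch, so for any `sql_encryption_type` other than empty, `md5` or `crypt` the stored value is copied into `account_passwd` unchanged and without a `{scheme}` prefix. LDAP servers commonly treat an unprefixed `userPassword` as a cleartext password, so after migration the stored SQL hash string itself could act as the login password. I would make the unsupported case explicit, for example `default: return false;`, and have the caller report that user as not migrated instead of calling `save()`. Separately, the selection step stores every full account record in `$_SESSION['all_accounts']`, and the migrate branch reads `account_pwd` from it, so password hashes sit in session storage and are never cleared. Adding `unset($_SESSION['all_accounts']);` after the group loop would bound that exposure.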
The username/passwords are: demo/guest, demo2/guest and demo3/guest.')); + $setup_tpl->set_var('description',lang('This will create a first user in eGroupWare or reset password and admin rights of an exiting user')); $setup_tpl->set_var('lang_deleteall',lang('Delete all existing SQL accounts, groups, ACLs and preferences (normally not necessary)?')); $setup_tpl->set_var('detailadmin',lang('Details for Admin account')); @@ -84,7 +85,10 @@ $setup_tpl->set_var('adminemail',lang('Admin email address')); $setup_tpl->set_var('adminpassword',lang('Admin password')); $setup_tpl->set_var('adminpassword2',lang('Re-enter password')); + $setup_tpl->set_var('admin_all_apps',lang('Give admin access to all installed apps')); + $setup_tpl->set_var('all_apps_desc',lang('Usually more annoying.
Admins can use Admin >> Manage accounts or groups to give access to further apps.')); $setup_tpl->set_var('create_demo_accounts',lang('Create demo accounts')); + $setup_tpl->set_var('demo_desc',lang('The username/passwords are: demo/guest, demo2/guest and demo3/guest.')); $setup_tpl->set_var('lang_submit',lang('Save')); $setup_tpl->set_var('lang_cancel',lang('Cancel')); @@ -110,24 +114,34 @@ if (!$defaultgroupid || !$admingroupid) { + if (strstr($_SERVER['PHP_SELF'],'setup-cli.php')) + { + return 42; //lang('Error in group-creation !!!'); // dont exit on setup-cli + } echo '

'.lang('Error in group-creation !!!')."

\n"; echo '

'.lang('click here to return to setup.')."

\n"; $GLOBALS['egw_setup']->db->transaction_abort(); exit; } - /* Group perms for the default group */ + // Group perms for the default group $GLOBALS['egw_setup']->add_acl(array('addressbook','calendar','infolog','felamimail','preferences','home','manual'),'run',$defaultgroupid); - // give admin access to all apps, to save us some support requests - $all_apps = array(); + $apps = array(); $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled < 3',__LINE__,__FILE__); while ($GLOBALS['egw_setup']->db->next_record()) { - $all_apps[] = $GLOBALS['egw_setup']->db->f('app_name'); + $apps[] = $GLOBALS['egw_setup']->db->f('app_name'); } - $GLOBALS['egw_setup']->add_acl($all_apps,'run',$admingroupid); + // if not otherwise selected, give admin only access to the rest of the default apps, + // not yet set for the default group or development only apps like (etemplate, jinn, tt's) + if (!$_POST['admin_all_apps']) + { + $apps = array_intersect(array('admin','emailadmin','filemanager','mydms','news_admin','phpbrain','phpsysinfo','polls','projectmanager','resources','sambaadmin','sitemgr','timesheet','wiki'),$apps); + } + $GLOBALS['egw_setup']->add_acl($apps,'run',$admingroupid); + // give admin access to default apps, not yet set for the default group function insert_default_prefs($accountid) { $defaultprefs = array( @@ -187,6 +201,10 @@ $accountid = $GLOBALS['egw_setup']->add_account($username,$fname,$lname,$passwd,'Admins',True,$email); if (!$accountid) { + if (strstr($_SERVER['PHP_SELF'],'setup-cli.php')) + { + return 41; //lang('Error in admin-creation !!!'); // dont exit on setup-cli + } echo '
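Review bot: The CLI test `strstr($_SERVER['PHP_SELF'],'setup-cli.php')` relies on a request-derived value: under a web SAPI `PHP_SELF` can carry trailing path info from the URL, so a match does not reliably mean the script was started from the command line. When the test is true the code returns 42 before `$GLOBALS['egw_setup']->db->transaction_abort();` is reached, leaving the open transaction to whatever included the file, which is not visible in this hunk. I would test the SAPI instead, `if (PHP_SAPI === 'cli')`, or a constant defined by setup-cli.php, and call `transaction_abort()` before the `return`. The same check and early return are added in the `@@ -187,6 +201,10 @@` hunk (`return 41`).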

'.lang('Error in admin-creation !!!')."

\n"; echo '

'.lang('click here to return to setup.')."

\n"; $GLOBALS['egw_setup']->db->transaction_abort(); diff --git a/setup/config.php b/setup/config.php index 99d167f1d1..76a5503083 100644 --- a/setup/config.php +++ b/setup/config.php @@ -111,16 +111,8 @@ { $GLOBALS['egw_setup']->db->transaction_commit(); - if($newsettings['auth_type'] == 'ldap') - { - Header('Location: ldap.php'); - exit; - } - else - { - Header('Location: index.php'); - exit; - } + Header('Location: index.php'); + exit; } } diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php index 8442db5c8d..133cfbe472 100644 --- a/setup/inc/class.setup.inc.php +++ b/setup/inc/class.setup.inc.php @@ -859,13 +859,16 @@ $this->loaddb(); } /* Load up some configured values */ - $this->db->query("SELECT config_name,config_value FROM $this->config_table " - . "WHERE config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%'",__LINE__,__FILE__); - while($this->db->next_record()) + $this->db->select($this->config_table,'config_name,config_value', + "config_name LIKE 'ldap%' OR config_name LIKE 'account_%' OR config_name LIKE '%encryption%' OR config_name='auth_type'",__LINE__,__FILE__); + while(($row = $this->db->row(true))) { - $GLOBALS['egw_info']['server'][$this->db->f('config_name')] = $this->db->f('config_value'); + if (!isset($GLOBALS['egw_info']['server'][$row['config_name']])) // dont overwrite + { + $GLOBALS['egw_info']['server'][$row['config_name']] = $row['config_value']; + } } - //if (!is_object($GLOBALS['egw'])) + if (!is_object($GLOBALS['egw'])) { $GLOBALS['egw'] =& new egw_dummy(); $GLOBALS['phpgw'] =& $GLOBALS['egw']; diff --git a/setup/ldap.php b/setup/ldap.php deleted file mode 100644 index 321822cf24..0000000000 --- a/setup/ldap.php +++ /dev/null 
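Review bot: The new `!isset(...)` guard in the class.setup.inc.php hunk changes precedence for every key this query loads, not only `account_repository`: anything already in `$GLOBALS['egw_info']['server']` now wins over the database, including the `ldap%` settings such as the root DN and password, and `auth_type`. The `// dont overwrite` comment does not say why. The new account_migration.php appears to rely on it by setting `account_repository` before calling `setup_account_object()`, so I would document that, e.g. `// keep values pre-set by the caller (account_migration.php switches account_repository); DB values only fill gaps`. The enclosing method starts and ends outside the hunk, so whether other callers pre-populate these keys cannot be confirmed from here.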
@@ -1,77 +0,0 @@ - array( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home', - 'noapi' => True - )); - include('./inc/functions.inc.php'); - - // Authorize the user to use setup app and load the database - if (!$GLOBALS['egw_setup']->auth('Config')) - { - Header('Location: index.php'); - exit; - } - // Does not return unless user is authorized - - if (get_var('cancel',Array('POST'))) - { - Header('Location: index.php'); - exit; - } - - $tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); - $setup_tpl = CreateObject('setup.Template',$tpl_root); - $setup_tpl->set_file(array( - 'ldap' => 'ldap.tpl', - 'T_head' => 'head.tpl', - 'T_footer' => 'footer.tpl', - 'T_alert_msg' => 'msg_alert_msg.tpl' - )); - - $GLOBALS['egw_setup']->html->show_header(lang('LDAP Config'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')'); - - if ($GLOBALS['error']) - { - //echo '
Error: '.$error.'
'; - $GLOBALS['egw_setup']->html->show_alert_msg('Error',$GLOBALS['error']); - } - - $setup_tpl->set_block('ldap','header','header'); - $setup_tpl->set_block('ldap','jump','jump'); - $setup_tpl->set_block('ldap','cancel_only','cancel_only'); - $setup_tpl->set_block('ldap','footer','footer'); - - $setup_tpl->set_var('description',lang('LDAP Accounts Configuration')); - $setup_tpl->set_var('lang_ldapmodify',lang('Modify an existing LDAP account store for use with eGroupWare (for a new install using LDAP accounts)')); - $setup_tpl->set_var('lang_ldapimport',lang('Import accounts from LDAP to the eGroupware accounts table (for a new install using SQL accounts)')); - $setup_tpl->set_var('lang_ldapexport',lang('Export eGroupware accounts from SQL to LDAP')); - $setup_tpl->set_var('lang_ldapdummy',lang('Setup demo accounts in LDAP')); - $setup_tpl->set_var('ldapmodify','ldapmodify.php'); - $setup_tpl->set_var('ldapimport','ldapimport.php'); - $setup_tpl->set_var('ldapexport','ldapexport.php'); - $setup_tpl->set_var('ldapdummy','admin_account.php'); - $setup_tpl->set_var('action_url','index.php'); - $setup_tpl->set_var('cancel',lang('Cancel')); - - $setup_tpl->pfp('out','header'); - $setup_tpl->pfp('out','jump'); - $setup_tpl->pfp('out','cancel_only'); - $setup_tpl->pfp('out','footer'); - - $GLOBALS['egw_setup']->html->show_footer(); -?> diff --git a/setup/ldapexport.php b/setup/ldapexport.php deleted file mode 100644 index 7ec31628d0..0000000000 --- a/setup/ldapexport.php +++ /dev/null 
@@ -1,250 +0,0 @@ - array( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home', - 'noapi' => True - )); - include('./inc/functions.inc.php'); - - // Authorize the user to use setup app and load the database - if (!$GLOBALS['egw_setup']->auth('Config')) - { - Header('Location: index.php'); - exit; - } - // Does not return unless user is authorized - - class egw - { - var $common; - var $accounts; - var $applications; - var $db; - } - $egw =& new egw; - $egw->common =& CreateObject('phpgwapi.common'); - - $common =& $egw->common; - $GLOBALS['egw_setup']->loaddb(); - $egw->db = clone($GLOBALS['egw_setup']->db); - - $tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); - $setup_tpl = CreateObject('setup.Template',$tpl_root); - $setup_tpl->set_file(array( - 'ldap' => 'ldap.tpl', - 'T_head' => 'head.tpl', - 'T_footer' => 'footer.tpl', - 'T_alert_msg' => 'msg_alert_msg.tpl' - )); - - function hash_sql2ldap($hash) - { - switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type'])) - { - case '': // not set sql_encryption_type - case 'md5': - $hash = '{md5}' . base64_encode(pack("H*",$hash)); - break; - case 'crypt': - $hash = '{crypt}' . $hash; - break; - } - return $hash; - } - - $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array( - "config_name LIKE 'ldap%'", - ),__LINE__,__FILE__); - while ($GLOBALS['egw_setup']->db->next_record()) - { - $GLOBALS['egw_info']['server'][$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value'); - } - $GLOBALS['egw_info']['server']['account_repository'] = 'ldap'; - - $egw->accounts =& CreateObject('phpgwapi.accounts'); - $acct =& $egw->accounts; - - // First, see if we can connect to the LDAP server, if not send `em back to config.php with an - // error message. 
- - // connect to ldap server - if(!$ldap = $common->ldapConnect()) - { - $noldapconnection = True; - } - - if($noldapconnection) - { - Header('Location: config.php?error=badldapconnection'); - exit; - } - - // read all accounts & groups direct from SQL for export - $group_info = $account_info = array(); - $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->accounts_table,'*',false,__LINE__,__FILE__); - while(($row = $GLOBALS['egw_setup']->db->row(true))) - { - if ($row['account_type'] == 'u') // account - { - $account_info[$row['account_id']] = $row; - } - else // group - { - $row['account_id'] *= -1; // group account_id is internally negative since 1.2 - $group_info[(string)$row['account_id']] = $row; - - } - } - - if($_POST['cancel']) - { - Header('Location: ldap.php'); - exit; - } - $GLOBALS['egw_setup']->html->show_header(lang('LDAP Export'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')'); - - if($_POST['submit']) - { - if($_POST['users']) - { - foreach($_POST['users'] as $accountid) - { - if (!isset($account_info[$accountid])) continue; - - $accounts =& CreateObject('phpgwapi.accounts',(int)$accountid); - - // check if user already exists in ldap - if ($accounts->exists($accountid)) - { - echo '

'.lang('%1 already exists in LDAP.',lang('User')." $accountid ({$account_info[$accountid]['account_lid']})")."

\n"; - continue; - } - $account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid']; - $account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell']; - - $account_info[$accountid]['account_passwd'] = hash_sql2ldap($account_info[$accountid]['account_passwd']); - - if (!$accounts->create($account_info[$accountid])) - { - echo '

'.lang('Creation of %1 in LDAP failed !!!',lang('User')." $accountid ({$account_info[$accountid]['account_lid']})")."

\n"; - continue; - } - echo '

'.lang('%1 created in LDAP.',lang('User')." $accountid ({$account_info[$accountid]['account_lid']})")."

\n"; - } - } - if($_POST['ldapgroups']) - { - foreach($_POST['ldapgroups'] as $groupid) - { - if (!isset($group_info[$groupid])) continue; - - $groups =& CreateObject('phpgwapi.accounts',(int)$groupid); - - // check if group already exists in ldap - if (!$groups->exists($groupid)) - { - if (!$groups->create($group_info[$groupid])) - { - echo '

'.lang('Creation of %1 failed !!!',lang('Group')." $groupid ({$group_info[$groupid]['account_lid']})")."

\n"; - continue; - } - echo '

'.lang('%1 created in LDAP.',lang('Group')." $groupid ({$group_info[$groupid]['account_lid']})")."

\n"; - } - else - { - echo '

'.lang('%1 already exists in LDAP.',lang('Group')." $groupid ({$group_info[$groupid]['account_lid']})")."

\n"; - - if ($groups->id2name($groupid) != $group_info[$groupid]['account_lid']) - { - continue; // different group under that gidnumber in ldap! - } - } - // now saving / updating the memberships - $groups->read_repository(); - if (!is_object($GLOBALS['egw']->acl)) - { - $GLOBALS['egw']->acl =& CreateObject('phpgwapi.acl'); - } - $groups->save_repository(); - } - } - $setup_complete = True; - } - - - if($error) - { - //echo '
Error: '.$error.'
'; - $GLOBALS['egw_setup']->html->show_alert_msg('Error',$error); - } - - if($setup_complete) - { - echo '
'.lang('Export has been completed! You will need to set the user passwords manually.').'
'; - echo '
'.lang('Click here to return to setup.').'
'; - $GLOBALS['egw_setup']->html->show_footer(); - exit; - } - - $setup_tpl->set_block('ldap','header','header'); - $setup_tpl->set_block('ldap','user_list','user_list'); - $setup_tpl->set_block('ldap','admin_list','admin_list'); - $setup_tpl->set_block('ldap','group_list','group_list'); - $setup_tpl->set_block('ldap','app_list','app_list'); - $setup_tpl->set_block('ldap','submit','submit'); - $setup_tpl->set_block('ldap','footer','footer'); - - foreach($account_info as $account) - { - $user_list .= ''; - } - - foreach($group_info as $group) - { - $group_list .= ''; - } - - $setup_tpl->set_var('action_url','ldapexport.php'); - $setup_tpl->set_var('users',$user_list); - $setup_tpl->set_var('admins',$admin_list); - $setup_tpl->set_var('ldapgroups',$group_list); - $setup_tpl->set_var('s_apps',$app_list); - - $setup_tpl->set_var('ldap_import',lang('LDAP export users')); - $setup_tpl->set_var('description',lang("This section will help you export users and groups from eGroupWare's account tables into your LDAP tree").'.'); - $setup_tpl->set_var('select_users',lang('Select which user(s) will be exported')); - $setup_tpl->set_var('select_groups',lang('Select which group(s) will be exported (group membership will be maintained)')); - $setup_tpl->set_var('form_submit','export'); - $setup_tpl->set_var('cancel',lang('Cancel')); - - $setup_tpl->pfp('out','header'); - if($account_info) - { - $setup_tpl->pfp('out','user_list'); - } - if($group_info) - { - $setup_tpl->pfp('out','group_list'); - } - $setup_tpl->pfp('out','submit'); - $setup_tpl->pfp('out','footer'); - - $GLOBALS['egw_setup']->html->show_footer(); diff --git a/setup/ldapimport.php b/setup/ldapimport.php deleted file mode 100644 index 380b2b466d..0000000000 --- a/setup/ldapimport.php +++ /dev/null 
@@ -1,481 +0,0 @@ - array( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home', - 'noapi' => True - )); - include('./inc/functions.inc.php'); - - // Authorize the user to use setup app and load the database - if(!$GLOBALS['egw_setup']->auth('Config')) - { - Header('Location: index.php'); - exit; - } - // Does not return unless user is authorized - - class phpgw - { - var $common; - var $accounts; - var $applications; - var $db; - } - $phpgw = new phpgw; - $phpgw->common = CreateObject('phpgwapi.common'); - - $common = $phpgw->common; - $GLOBALS['egw_setup']->loaddb(); - $phpgw->db = $GLOBALS['egw_setup']->db; - - $tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); - $setup_tpl = CreateObject('setup.Template',$tpl_root); - $setup_tpl->set_file(array( - 'ldap' => 'ldap.tpl', - 'T_head' => 'head.tpl', - 'T_footer' => 'footer.tpl', - 'T_alert_msg' => 'msg_alert_msg.tpl' - )); - - $GLOBALS['egw_info']['server']['auth_type'] = 'ldap'; - - $phpgw->applications = CreateObject('phpgwapi.applications'); - $applications = $phpgw->applications; - - $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array( - "config_name LIKE 'ldap%' OR config_name='account_repository'", - ),__LINE__,__FILE__); - while($GLOBALS['egw_setup']->db->next_record()) - { - $config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value'); - } - $GLOBALS['egw_info']['server']['ldap_host'] = $config['ldap_host']; - $GLOBALS['egw_info']['server']['ldap_context'] = $config['ldap_context']; - $GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context']; - $GLOBALS['egw_info']['server']['ldap_root_dn'] = $config['ldap_root_dn']; - $GLOBALS['egw_info']['server']['ldap_root_pw'] = $config['ldap_root_pw']; - $GLOBALS['egw_info']['server']['ldap_version3'] = $config['ldap_version3'] == "True" ? 
True : False; - $GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository']; - - $phpgw->accounts = CreateObject('phpgwapi.accounts'); - $acct = $phpgw->accounts; - - // First, see if we can connect to the LDAP server, if not send `em back to config.php with an - // error message. - - // connect to ldap server - if(!$ldap = $common->ldapConnect()) - { - $noldapconnection = True; - } - - if($noldapconnection) - { - Header('Location: config.php?error=badldapconnection'); - exit; - } - - $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber','email','gidnumber')); - $info = ldap_get_entries($ldap, $sr); - $account_info = $group_info = array(); - - for($i=0; $i<$info['count']; $i++) - { - if(!$GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]]) - { - $account_info[$info[$i]['uidnumber'][0]] = array( - 'account_id' => $info[$i]['uidnumber'][0], - 'account_lid' => $info[$i]['uid'][0], - 'account_firstname' => $info[$i]['givenname'][0], - 'account_lastname' => $info[$i]['sn'][0], - 'account_passwd' => $info[$i]['userpassword'][0], - 'account_email' => $info[$i]['email'][0], - 'account_primary_group' => -$info[$i]['gidnumber'][0], - ); - } - } - - if($GLOBALS['egw_info']['server']['ldap_group_context']) - { - $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid')); - $info = ldap_get_entries($ldap, $srg); - - for($i=0; $i<$info['count']; $i++) - { - if(!$GLOBALS['egw_info']['server']['global_denied_groups'][$info[$i]['cn'][0]] && - !$account_info[$i][$info[$i]['cn'][0]]) - { - $group_info[-$info[$i]['gidnumber'][0]] = array( - 'account_id' => -$info[$i]['gidnumber'][0], - 'account_lid' => $info[$i]['cn'][0], - 'members' => $info[$i]['memberuid'], - 'account_firstname' => $info[$i]['cn'][0], - 'account_lastname' => 'Group' - ); - } - } - } - - 
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__); - while($GLOBALS['egw_setup']->db->next_record()) - { - $apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name')); - } - - $cancel = get_var('cancel','POST'); - $submit = get_var('submit','POST'); - $users = get_var('users','POST'); - $admins = get_var('admins','POST'); - $s_apps = get_var('s_apps','POST'); - $ldapgroups = get_var('ldapgroups','POST'); - - if($cancel) - { - Header('Location: ldap.php'); - exit; - } - - if($submit) - { - if(!count($admins)) - { - $error = '
You must select at least 1 admin'; - } - - if(!count($s_apps)) - { - $error .= '
You must select at least 1 application'; - } - - if(!$error) - { - if($users) - { - foreach($users as $id) - { - $thisacctid = $account_info[$id]['account_id']; - $thisacctlid = $account_info[$id]['account_lid']; - - // Do some checks before we try to import the data. - if(!empty($thisacctid) && !empty($thisacctlid)) - { - $accounts =& CreateObject('phpgwapi.accounts',(int)$thisacctid); - - // Check if the account is already there. - // If so, we won't try to create it again. - $acct_exist = $acct->name2id($thisacctlid); - if($acct_exist) - { - $thisacctid = $acct_exist; - } - $id_exist = $accounts->exists($thisacctlid); - // If not, create it now. - if(!$id_exist) - { - $thisacctid = $accounts->create($account_info[$id]+array( - 'account_type' => 'u', - 'account_status' => 'A', - 'account_expires' => -1, - )); - } - if (!$thisacctid) // if we have no account_id, we cant continue - { - continue; - } - // Insert default acls for this user. - // Since the group has app rights, we don't need to give users - // these rights. Instead, we make the user a member of the Default group - // below. - $acl = CreateObject('phpgwapi.acl',(int)$thisacctid); - $acl->db = $GLOBALS['egw_setup']->db; - $acl->read_repository(); - - // Only give them admin if we asked for them to have it. - // This is typically an exception to apps for run rights - // as a group member. - for($a=0;$adelete('admin','run',1); - $acl->add('admin','run',1); - } - } - - // Now make them a member of the 'Default' group. - // But, only if the current user is not the group itself. - if(!$defaultgroupid) - { - $defaultgroupid = $accounts->name2id('Default'); - } - if($defaultgroupid) - { - $acl->delete('phpgw_group',$defaultgroupid,1); - $acl->add('phpgw_group',$defaultgroupid,1); - } - - // Save these new acls. 
- $acl->save_repository(); - } - } - } - - if($ldapgroups) - { - foreach($ldapgroups as $groupid) - { - $id_exist = 0; - $thisacctid = $group_info[$groupid]['account_id']; - $thisacctlid = $group_info[$groupid]['account_lid']; - $thisfirstname = $group_info[$groupid]['account_firstname']; - $thislastname = $group_info[$groupid]['account_lastname']; - $thismembers = $group_info[$groupid]['members']; - - // Do some checks before we try to import the data. - if(!empty($thisacctid) && !empty($thisacctlid)) - { - $groups = CreateObject('phpgwapi.accounts',(int)$thisacctid); - - // Check if the account is already there. - // If so, we won't try to create it again. - $acct_exist = $groups->name2id($thisacctlid); - /* echo 'exists((int)$thisacctid); - // If not, create it now. - if(!$id_exist) - { - $thisacctid = $groups->create(array( - 'account_type' => 'g', - 'account_lid' => $thisacctlid, - 'account_passwd' => 'x', - 'account_firstname' => $thisfirstname, - 'account_lastname' => $thislastname, - 'account_status' => 'A', - 'account_expires' => -1 - )); - } - if (!$thisacctid) // if we have no account_id, we cant continue - { - continue; - } - // Now make them a member of this group in phpgw. - foreach($thismembers as $key =>$members) - { - if($key == 'count') - { - continue; - } - /* echo '
members: ' . $members; */ - $tmpid = 0; - @reset($account_info); - while(list($x,$y) = each($account_info)) - { - /* echo '
checking: '.$y['account_lid']; */ - if($members == $y['account_lid']) - { - $tmpid = $acct->name2id($y['account_lid']); - } - } - /* - Insert acls for this group based on memberuid field. - Since the group has app rights, we don't need to give users - these rights. Instead, we maintain group membership here. - */ - if($tmpid) - { - $acl = CreateObject('phpgwapi.acl',$tmpid); - $acl->account_id = (int)$tmpid; - $acl->read_repository(); - - $acl->delete('phpgw_group',$thisacctid,1); - $acl->add('phpgw_group',$thisacctid,1); - - /* Now add the acl to let them change their password */ - $acl->delete('preferences','changepassword',1); - $acl->add('preferences','changepassword',1); - - $acl->save_repository(); - - /* Add prefs for selected apps here, since they are per-user. - App access is added below. - */ - $pref = CreateObject('phpgwapi.preferences',$tmpid); - $pref->db = $GLOBALS['egw_setup']->db; - $pref->account_id = (int)$tmpid; - $pref->read_repository(); - @reset($s_apps); - while(list($key,$app) = each($s_apps)) - { - $phpgw->hooks->single('add_def_pref',$app); - } - $pref->save_repository(); - } - } - /* Now give this group some rights */ - $GLOBALS['egw_info']['user']['account_id'] = $thisacctid; - $acl = CreateObject('phpgwapi.acl'); - $acl->account_id = (int)$thisacctid; - $acl->read_repository(); - @reset($s_apps); - while(list($key,$app) = each($s_apps)) - { - $acl->delete($app,'run',1); - $acl->add($app,'run',1); - } - $acl->save_repository(); - $defaultgroupid = $thisacctid; - } - } - } - else - { - /* Create the 'Default' group */ - $groups = CreateObject('phpgwapi.accounts',$defaultgroupid); - - // Check if the group account is already there. - // If so, set our group_id to that account's id for use below. - $acct_exist = $groups->name2id('Default'); - if($acct_exist) - { - $defaultgroupid = $acct_exist; - } - $id_exist = $groups->exists((int)$defaultgroupid); - // if not, create it, using our original groupid. 
- if($id_exist) - { - $groups->delete($defaultgroupid); - } - $thisgroup_info = array( - 'account_type' => 'g', - 'account_lid' => 'Default', - 'account_passwd' => $passwd, - 'account_firstname' => 'Default', - 'account_lastname' => 'Group', - 'account_status' => 'A', - 'account_expires' => -1 - ); - $defaultgroupid = $acct->create($thisgroup_info); - - $acl = CreateObject('phpgwapi.acl',$defaultgroupid); - $acl->account_id = (int)$defaultgroupid; - $acl->read_repository(); - @reset($s_apps); - while(list($key,$app) = each($s_apps)) - { - $acl->delete($app,'run',1); - $acl->add($app,'run',1); - } - $acl->save_repository(); - } //end default group creation - } - $setup_complete = True; - } - - $GLOBALS['egw_setup']->html->show_header(lang('LDAP Import'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')'); - - if($error) - { - //echo '
Error: '.$error.'
'; - $GLOBALS['egw_setup']->html->show_alert_msg('Error',$error); - } - - if($setup_complete) - { - echo '
'.lang('Import has been completed!').' '.lang('Click here to return to setup.').'
'; - $GLOBALS['egw_setup']->html->show_footer(); - exit; - } - - $setup_tpl->set_block('ldap','header','header'); - $setup_tpl->set_block('ldap','user_list','user_list'); - $setup_tpl->set_block('ldap','admin_list','admin_list'); - $setup_tpl->set_block('ldap','group_list','group_list'); - $setup_tpl->set_block('ldap','app_list','app_list'); - $setup_tpl->set_block('ldap','submit','submit'); - $setup_tpl->set_block('ldap','footer','footer'); - - while(list($key,$account) = each($account_info)) - { - $user_list .= ''; - } - - @reset($account_info); - while(list($key,$account) = each($account_info)) - { - $admin_list .= ''; - } - - while(list($key,$group) = each($group_info)) - { - $group_list .= ''; - } - - while(list($appname,$apptitle) = each($apps)) - { - if($appname == 'admin' || - $appname == 'skel' || - $appname == 'backup' || - $appname == 'netsaint' || - $appname == 'developer_tools' || - $appname == 'phpsysinfo' || - $appname == 'eldaptir' || - $appname == 'qmailldap') - { - $app_list .= ''; - } - else - { - $app_list .= ''; - } - } - - $setup_tpl->set_var('action_url','ldapimport.php'); - $setup_tpl->set_var('users',$user_list); - $setup_tpl->set_var('admins',$admin_list); - $setup_tpl->set_var('ldapgroups',$group_list); - $setup_tpl->set_var('s_apps',$app_list); - - $setup_tpl->set_var('ldap_import',lang('LDAP import users')); - $setup_tpl->set_var('description',lang("This section will help you import users and groups from your LDAP tree into eGroupWare's account tables").'.'); - $setup_tpl->set_var('select_users',lang('Select which user(s) will be imported')); - $setup_tpl->set_var('select_admins',lang('Select which user(s) will have admin privileges')); - $setup_tpl->set_var('select_groups',lang('Select which group(s) will be imported (group membership will be maintained)')); - $setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.'); - $setup_tpl->set_var('note',lang('Note: You will be able to 
customize this later').'.'); - $setup_tpl->set_var('form_submit','import'); - $setup_tpl->set_var('cancel',lang('Cancel')); - - $setup_tpl->pfp('out','header'); - $setup_tpl->pfp('out','user_list'); - $setup_tpl->pfp('out','admin_list'); - $setup_tpl->pfp('out','group_list'); - $setup_tpl->pfp('out','app_list'); - $setup_tpl->pfp('out','submit'); - $setup_tpl->pfp('out','footer'); - - $GLOBALS['egw_setup']->html->show_footer(); -?> diff --git a/setup/ldapmodify.php b/setup/ldapmodify.php deleted file mode 100644 index 8f53581370..0000000000 --- a/setup/ldapmodify.php +++ /dev/null 
@@ -1,433 +0,0 @@ - array( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home', - 'noapi' => True - )); - include('./inc/functions.inc.php'); - - /* Authorize the user to use setup app and load the database */ - if(!$GLOBALS['egw_setup']->auth('Config')) - { - Header('Location: index.php'); - exit; - } - /* Does not return unless user is authorized */ - - class egw - { - var $common; - var $accounts; - var $applications; - var $db; - } - $GLOBALS['egw'] = new egw; - $GLOBALS['egw']->common = CreateObject('phpgwapi.common'); - - $common = $GLOBALS['egw']->common; - $GLOBALS['egw_setup']->loaddb(); - $GLOBALS['egw']->db = clone($GLOBALS['egw_setup']->db); - - $tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup'); - $setup_tpl = CreateObject('setup.Template',$tpl_root); - $setup_tpl->set_file(array( - 'ldap' => 'ldap.tpl', - 'T_head' => 'head.tpl', - 'T_footer' => 'footer.tpl', - 'T_alert_msg' => 'msg_alert_msg.tpl' - )); - - $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array( - "config_name LIKE 'ldap%' OR config_name='account_repository'", - ),__LINE__,__FILE__); - while($GLOBALS['egw_setup']->db->next_record()) - { - $config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value'); - } - $GLOBALS['egw_info']['server']['ldap_host'] = $config['ldap_host']; - $GLOBALS['egw_info']['server']['ldap_context'] = $config['ldap_context']; - $GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context']; - $GLOBALS['egw_info']['server']['ldap_root_dn'] = $config['ldap_root_dn']; - $GLOBALS['egw_info']['server']['ldap_root_pw'] = $config['ldap_root_pw']; - $GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository']; - $GLOBALS['egw_info']['server']['ldap_version3'] = $config['ldap_version3']; - - $GLOBALS['egw']->accounts = CreateObject('phpgwapi.accounts'); - $acct = $GLOBALS['egw']->accounts; - - /* connect to ldap 
server */ - if(!$ldap = $common->ldapConnect()) - { - $noldapconnection = True; - } - - if($noldapconnection) - { - Header('Location: config.php?error=badldapconnection'); - exit; - } - - $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('cn','givenname','uid','uidnumber')); - $info = ldap_get_entries($ldap, $sr); - $tmp = ''; - - for($i=0; $i<$info['count']; $i++) - { - if(!$GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]]) - { - $account_info[$info[$i]['uidnumber'][0]] = $info[$i]; - } - } - - if($GLOBALS['egw_info']['server']['ldap_group_context']) - { - $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid')); - $info = ldap_get_entries($ldap, $srg); - $tmp = ''; - - for($i=0; $i<$info['count']; $i++) - { - if(!$GLOBALS['egw_info']['server']['global_denied_groups'][$info[$i]['cn'][0]] && - !$account_info[$i][$info[$i]['cn'][0]]) - { - $group_info[-$info[$i]['gidnumber'][0]] = $info[$i]; - } - } - } - else - { - $group_info = array(); - } - - $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__); - while($GLOBALS['egw_setup']->db->next_record()) - { - $apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name')); - } - - if($cancel) - { - Header("Location: ldap.php"); - exit; - } - - $GLOBALS['egw_setup']->html->show_header(lang('LDAP Modify'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . 
')'); - $setup_complete = False; - if(isset($_POST['submit'])) - { - $acl = CreateObject('phpgwapi.acl'); - if(isset($_POST['ldapgroups'])) - { - $groups = CreateObject('phpgwapi.accounts'); - while(list($key,$groupid) = each($_POST['ldapgroups'])) - { - $id_exist = 0; - $entry = array(); - $thisacctid = $group_info[$groupid]['gidnumber'][0]; - $thisacctlid = $group_info[$groupid]['cn'][0]; - /* echo "Updating GROUPID : ".$thisacctlid."
\n"; */ - $thisfirstname = $group_info[$groupid]['cn'][0]; - $thismembers = $group_info[$groupid]['memberuid']; - $thisdn = $group_info[$groupid]['dn']; - - /* Do some checks before we try to import the data. */ - if(!empty($thisacctid) && !empty($thisacctlid)) - { - $groups->account_id = (int)$thisacctid; - - $sr = ldap_search($ldap,$config['ldap_group_context'],'cn='.$thisacctlid); - $entry = ldap_get_entries($ldap, $sr); - - reset($entry[0]['objectclass']); - $addclass = True; - while(list($key,$value) = each($entry[0]['objectclass'])) - { - if(strtolower($value) == 'phpgwaccount') - { - $addclass = False; - } - } - if($addclass) - { - reset($entry[0]['objectclass']); - $replace['objectclass'] = $entry[0]['objectclass']; - unset($replace['objectclass']['count']); - $replace['objectclass'][] = 'phpgwAccount'; - sort($replace['objectclass']); - ldap_mod_replace($ldap,$thisdn,$replace); - unset($replace); - unset($addclass); - } - unset($add); - if(!@isset($entry[0]['phpgwaccountstatus'])) - { - $add['phpgwaccountstatus'][] = 'A'; - } - if(!@isset($entry[0]['phpgwaccounttype'])) - { - $add['phpgwaccounttype'][] = 'g'; - } - if(!@isset($entry[0]['phpgwaccountexpires'])) - { - $add['phpgwaccountexpires'][] = -1; - } - if(@isset($add)) - { - ldap_mod_add($ldap,$thisdn,$add); - } - - /* Now make the members a member of this group in phpgw. */ - if(is_array($thismembers)) - { - foreach($thismembers as $key => $members) - { - if($key == 'count') - { - continue; - } - /* echo '
members: ' . $members; */ - $tmpid = 0; - @reset($account_info); - while(list($x,$y) = each($account_info)) - { - /* echo '
checking: '.$y['account_lid']; */ - if($members == $y['account_lid']) - { - $tmpid = $y['account_id']; - } - } - // Insert acls for this group based on memberuid field. - // Since the group has app rights, we don't need to give users - // these rights. Instead, we maintain group membership here. - if($tmpid) - { - $acl->account_id = (int)$tmpid; - $acl->read_repository(); - - $acl->delete('phpgw_group',$thisacctid,1); - $acl->add('phpgw_group',$thisacctid,1); - - // Now add the acl to let them change their password - $acl->delete('preferences','changepassword',1); - $acl->add('preferences','changepassword',1); - - $acl->save_repository(); - } - } - } - /* Now give this group some rights */ - $GLOBALS['egw_info']['user']['account_id'] = $thisacctid; - $acl->account_id = (int)$thisacctid; - $acl->read_repository(); - @reset($_POST['s_apps']); - while(list($key,$app) = @each($_POST['s_apps'])) - { - $acl->delete($app,'run',1); - $acl->add($app,'run',1); - } - $acl->save_repository(); - $defaultgroupid = $thisacctid; - } - } - } - - if(isset($_POST['users'])) - { - $accounts = CreateObject('phpgwapi.accounts'); - while(list($key,$id) = each($_POST['users'])) - { - $id_exist = 0; - $thisacctid = $account_info[$id]['uidnumber'][0]; - $thisacctlid = $account_info[$id]['uid'][0]; - /* echo "Updating USERID : ".$thisacctlid."
\n"; */ - $thisdn = $account_info[$id]['dn']; - - /* Do some checks before we try to import the data. */ - if(!empty($thisacctid) && !empty($thisacctlid)) - { - $accounts->account_id = (int)$thisacctid; - $sr = ldap_search($ldap,$config['ldap_context'],'uid='.$thisacctlid); - $entry = ldap_get_entries($ldap, $sr); - reset($entry[0]['objectclass']); - $addclass = True; - while(list($key,$value) = each($entry[0]['objectclass'])) - { - if(strtolower($value) == 'phpgwaccount') - { - $addclass = False; - } - } - if($addclass) - { - reset($entry[0]['objectclass']); - $replace['objectclass'] = $entry[0]['objectclass']; - unset($replace['objectclass']['count']); - $replace['objectclass'][] = 'phpgwAccount'; - sort($replace['objectclass']); - ldap_mod_replace($ldap,$thisdn,$replace); - unset($replace); - unset($addclass); - } - unset($add); - if(!@isset($entry[0]['phpgwaccountstatus'])) - { - $add['phpgwaccountstatus'][] = 'A'; - } - if(!@isset($entry[0]['phpgwaccounttype'])) - { - $add['phpgwaccounttype'][] = 'u'; - } - if(!@isset($entry[0]['phpgwaccountexpires'])) - { - $add['phpgwaccountexpires'][] = -1; - } - if(@isset($add)) - { - ldap_mod_add($ldap,$thisdn,$add); - } - - /* - Insert default acls for this user. - Since the group has app rights, we don't need to give users - these rights. - */ - $acl->account_id = (int)$thisacctid; - $acl->read_repository(); - - /* - However, if no groups were imported, we do need to give each user - apps access - */ - if(empty($_POST['ldapgroups'])) - { - @reset($_POST['s_apps']); - while(list($key,$app) = @each($_POST['s_apps'])) - { - $acl->delete($app,'run',1); - $acl->add($app,'run',1); - } - } - // Now add the acl to let them change their password - $acl->delete('preferences','changepassword',1); - $acl->add('preferences','changepassword',1); - - /* - Only give them admin if we asked for them to have it. - This is typically an exception to apps for run rights - as a group member. 
- */ - for($a=0;$a<=count($_POST['admins']);$a++) - { - if($_POST['admins'][$a] == $thisacctid) - { - $acl->delete('admin','run',1); - $acl->add('admin','run',1); - } - } - /* Save these new acls. */ - $acl->save_repository(); - } - } - } - $setup_complete = True; - } - - if(isset($_GET['error'])) - { - /* echo '
Error: '.$error.'
'; */ - $GLOBALS['egw_setup']->html->show_alert_msg('Error',$_GET['error']); - } - - if($setup_complete) - { - echo '
'.lang('Modifications have been completed!').' '.lang('Click here to return to setup.').'
'; - $GLOBALS['egw_setup']->html->show_footer(); - exit; - } - - $setup_tpl->set_block('ldap','header','header'); - $setup_tpl->set_block('ldap','user_list','user_list'); - $setup_tpl->set_block('ldap','admin_list','admin_list'); - $setup_tpl->set_block('ldap','group_list','group_list'); - $setup_tpl->set_block('ldap','app_list','app_list'); - $setup_tpl->set_block('ldap','submit','submit'); - $setup_tpl->set_block('ldap','footer','footer'); - - $user_list = ''; - while(list($key,$account) = @each($account_info)) - { - $user_list .= ''; - } - - $admin_list = ''; - @reset($account_info); - while (list($key,$account) = @each($account_info)) - { - $admin_list .= ''; - } - - $group_list = ''; - while(list($key,$group) = @each($group_info)) - { - $group_list .= ''; - } - - $app_list = ''; - while(list($appname,$apptitle) = each($apps)) - { - if($appname == 'admin' || - $appname == 'skel' || - $appname == 'backup' || - $appname == 'netsaint' || - $appname == 'developer_tools' || - $appname == 'phpsysinfo' || - $appname == 'eldaptir' || - $appname == 'qmailldap') - { - $app_list .= ''; - } - else - { - $app_list .= ''; - } - } - - $setup_tpl->set_var('action_url','ldapmodify.php'); - $setup_tpl->set_var('users',$user_list); - $setup_tpl->set_var('admins',$admin_list); - $setup_tpl->set_var('ldapgroups',$group_list); - $setup_tpl->set_var('s_apps',$app_list); - - $setup_tpl->set_var('ldap_import',lang('LDAP Modify')); - $setup_tpl->set_var('description',lang("This section will help you setup your LDAP accounts for use with eGroupWare").'.'); - $setup_tpl->set_var('select_users',lang('Select which user(s) will be modified')); - $setup_tpl->set_var('select_admins',lang('Select which user(s) will also have admin privileges')); - $setup_tpl->set_var('select_groups',lang('Select which group(s) will be modified (group membership will be maintained)')); - $setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.'); - 
$setup_tpl->set_var('form_submit',lang('Modify')); - $setup_tpl->set_var('cancel',lang('Cancel')); - - $setup_tpl->pfp('out','header'); - $setup_tpl->pfp('out','user_list'); - $setup_tpl->pfp('out','admin_list'); - $setup_tpl->pfp('out','group_list'); - $setup_tpl->pfp('out','app_list'); - $setup_tpl->pfp('out','submit'); - $setup_tpl->pfp('out','footer'); - - $GLOBALS['egw_setup']->html->show_footer(); -?> diff --git a/setup/setup-cli.php b/setup/setup-cli.php index 5107f3497e..9a7bf110a1 100755 --- a/setup/setup-cli.php +++ b/setup/setup-cli.php @@ -131,12 +131,22 @@ function do_config($args) ), '--smtpserver' => array( //smtp server,[smtp port],[smtp user],[smtp password] 'smtp_server','smtp_port','smtp_auth_user','smtp_auth_passwd'), + '--account-auth' => array( + array('name' => 'account_repository','allowed' => array('sql','ldap')), + array('name' => 'auth_type','allowed' => array('sql','ldap','mail','ads','http','sqlssl','nis','pam')), + array('name' => 'sql_encryption','allowed' => array('md5','blowfish_crypt','md5_crypt','crypt')), + 'check_save_password','allow_cookie_auth'), + '--ldap-host' => 'ldap_host', + '--ldap-root-dn' => 'ldap_root_dn', + '--ldap-root-pw' => 'ldap_root_pw', + '--ldap-context' => 'ldap_context', + '--ldap-group-context' => 'ldap_group_context', ); while (($arg = array_shift($args))) { if (!isset($config[$arg])) fail(90,lang("Unknown option '%1' !!!",$arg)); - foreach(explode(',',array_shift($args)) as $n => $value) + foreach(is_array($config[$arg]) ? explode(',',array_shift($args)) : array(array_shift($args)) as $n => $value) { if ($value === '' && is_array($config[$arg])) continue; 
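Review bot: The third `--account-auth` field is stored under the name `sql_encryption`, while `hash_sql2ldap()` in the account_migration.php added by this same commit reads `sql_encryption_type`. If that is the key the rest of the code uses, a hash scheme chosen on the command line would be saved under a name nothing reads and would not take effect; consider `array('name' => 'sql_encryption_type','allowed' => array('md5','blowfish_crypt','md5_crypt','crypt')),` after confirming the name against the setup config form. Separately, `--ldap-root-pw` takes the LDAP root password as a command-line argument, where it can show up in process listings and shell history. A comment beside the option, such as `// NOTE: value is passed on argv and is visible in the process list`, would record that trade-off. do_config() starts and ends outside this hunk.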
@@ -187,14 +197,14 @@ function do_admin($arg) if (!$_POST['lname']) $_POST['lname'] = 'User'; $_POST['submit'] = true; - ob_start(); - include('admin_account.php'); - $error = ob_get_contents(); - ob_end_clean(); + $error = include('admin_account.php'); - if ($error) + switch ($error) { - fail(41,lang('Error in admin-creation !!!')); + case 41: + fail(41,lang('Error in admin-creation !!!')); + case 42: + fail(42,lang('Error in group-creation !!!')); } echo lang('Admin account successful created.')."\n"; } @@ -799,6 +809,8 @@ function do_usage() echo ' --webserver-url '.lang('eg. /egroupware or http://domain.com/egroupware, default: %1',str_replace('/setup/setup-cli.php','',$_SERVER['PHP_SELF']))."\n"; echo ' --mailserver '.lang('host,{imap | pop3 | imaps | pop3s},[domain],[{standard(default)|vmailmgr = add domain for mailserver login}]')."\n"; echo ' --smtpserver '.lang('host,[smtp port],[smtp user],[smtp password]')."\n"; + echo ' --account-auth '.lang('account repository{sql(default) | ldap},[authentication{sql | ldap | mail | ads | http | ...}],[sql encrypttion{md5 | blowfish_crypt | md5_crypt | crypt}],[check save password{ (default)|True}],[allow cookie auth{ (default)|True}]')."\n"; + echo ' --ldap-host --ldap-root-dn --ldap-root-pw --ldap-context --ldap-group-context'."\n"; echo '--admin '.lang('creates an admin user: domain(default),[config user(admin)],password,username,password,[first name],[last name],[email]')."\n"; echo '--language '.lang('install or update translations: domain(all),[config user(admin)],password,[[+]lang1[,lang2,...]] + adds, no langs update existing ones')."\n"; echo '--backup '.lang('domain(all),[config user(admin)],password,[file-name(default: backup-dir/db_backup-YYYYMMDDHHii)]')."\n"; diff --git a/setup/templates/default/account_migration.tpl b/setup/templates/default/account_migration.tpl new file mode 100644 index 0000000000..2d1c6aa8d5 --- /dev/null +++ b/setup/templates/default/account_migration.tpl @@ -0,0 +1,52 @@ + +
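Review bot: The new `switch ($error)` in do_admin() handles only 41 and 42, so any other result of `include('admin_account.php')` falls through to the "Admin account successful created." message, including the `false` that include returns when the file cannot be loaded. A guard before the switch, `if ($error === false) fail(41,lang('Error in admin-creation !!!'));`, would cover the unreadable-file case. The two cases have no `break`, which is safe only if fail() never returns; that function is defined outside the hunk, so a one-line comment such as `// fail() exits, no break needed` would make the intent explicit. With the output buffering removed, anything admin_account.php prints now goes straight to the CLI output, and whether it still prints on this path cannot be seen here. do_admin() starts and ends outside the hunk.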
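Review bot: The added `--account-auth` usage string spells `sql encrypttion`, and because the text is passed to lang() the misspelling becomes part of the translation key; it should read `[sql encryption{md5 | blowfish_crypt | md5_crypt | crypt}]`. The following line, listing `--ldap-host` through `--ldap-group-context`, is printed without lang() and without any description of the expected values, unlike the neighbouring options. A short hint per option (for example that `--ldap-root-dn` takes a full DN) would bring it in line with the rest of the usage text. do_usage() starts and ends outside the hunk.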
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
{description}
+  {select_users}
+ +
+  {select_groups}
+ +
{memberships}
+ + +
+ +
+
+
diff --git a/setup/templates/default/admin_account.tpl b/setup/templates/default/admin_account.tpl
index 4fff9ce55e..1a155a5392 100644
--- a/setup/templates/default/admin_account.tpl
+++ b/setup/templates/default/admin_account.tpl
@@ -3,11 +3,9 @@
@@ -18,35 +16,43 @@
- {description} -

- {lang_deleteall} -

- {error} +

{description}

+

{lang_deleteall}

+ {error}
- + - + - + - + - + - + + + + + + + + + - +
{adminusername}
{adminfirstname}
{adminlastname}
{adminemail}
{adminpassword}
{adminpassword2}
{admin_all_apps}{all_apps_desc}
{create_demo_accounts} {demo_desc}
diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl index 02b0c34f26..ea1caec198 100644 --- a/setup/templates/default/config.tpl +++ b/setup/templates/default/config.tpl @@ -327,29 +327,6 @@ {lang_If_using_LDAP}: - - {lang_You_will_need_to_load_the_proper_schema_into_your_ldap_server_-_see_phpgwapi/doc/ldap/README} !!! - - - - {lang_Do_you_want_to_manage_homedirectory_and_loginshell_attributes?}: - - - - - - - {lang_LDAP_Default_homedirectory_prefix_(e.g._/home_for_/home/username)}: - - - - - {lang_LDAP_Default_shell_(e.g._/bin/bash)}: - - {lang_LDAP_host}: @@ -391,19 +368,35 @@ - {lang_Enable_LDAP_Version_3}: + {lang_Do_you_want_to_manage_homedirectory_and_loginshell_attributes?}: - - + -   + {lang_LDAP_Default_homedirectory_prefix_(e.g._/home_for_/home/username)}: + + + {lang_LDAP_Default_shell_(e.g._/bin/bash)}: + + + + + + {lang_Migration_between_eGroupWare_account_repositories}: + + +
  • {lang_Account_repository_need_to_be_set_to_the_one_you_migrate_to!}
  • +
  • {lang_You_need_to_save_the_settings_you_made_here_first!}
  • + + + {lang_If_using_ADS_(Active_Directory)_authentication}: diff --git a/setup/templates/default/ldap.tpl b/setup/templates/default/ldap.tpl deleted file mode 100644 index a2e86b9ba1..0000000000 --- a/setup/templates/default/ldap.tpl +++ /dev/null @@ -1,98 +0,0 @@ - -
    - - - - - - - -
     {description}
     
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    {lang_ldapmodify}
    {lang_ldapimport}
    {lang_ldapexport}
    {lang_ldapdummy}
    -  {select_users} - - -
    -  {select_admins} - - -
    -  {select_groups} - - -
    -  {select_apps} -
     {note} -
    - -
    - - -
    - -
    -
    -