rewrite of the accounts classes:

- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts

setup/admin_account.php

@@ -192,8 +192,7 @@
 			$GLOBALS['egw_setup']->db->transaction_abort();
 			exit;
 		}
-		$GLOBALS['egw_setup']->add_acl('phpgw_group',$admingroupid,$accountid);
+		$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid);
-		$GLOBALS['egw_setup']->add_acl('phpgw_group',$defaultgroupid,$accountid);
 
 		$GLOBALS['egw_setup']->db->transaction_commit();
 

setup/inc/class.setup.inc.php

@@ -905,7 +905,7 @@
 
 			if(!($accountid = $GLOBALS['egw']->accounts->name2id($username)))
 			{
-				$accountid = $accountid ? $accountid : $GLOBALS['egw']->accounts->create(array(
+				if (!($accountid = $GLOBALS['egw']->accounts->create(array(
 					'account_type'      => $group ? 'u' : 'g',
 					'account_lid'       => $username,
 					'account_passwd'    => $passwd,
@@ -915,18 +915,40 @@
 					'account_primary_group' => $groupid,
 					'account_expires'   => -1,
 					'account_email'     => $email,
-				));
+				))))
+				{
+					return false;
+				}
+				$memberships = array();
+			}
+			else
+			{
+				$memberships = $GLOBALS['egw']->accounts->memberships($accountid);
 			}
-			$accountid = (int)$accountid;
 			if($groupid)
 			{
-				$this->add_acl('phpgw_group',(int)$groupid,$accountid);
+				$memberships[] = $groupid;
+				
+				$GLOBALS['egw']->accounts->set_memberships($memberships,$accountid);
 			}
 			$this->add_acl('preferences','changepassword',$accountid,(int)$changepw);
 
 			return $accountid;
 		}
 		
+		/**
+		 * Set the memberships of an account
+		 *
+		 * @param array $groups array of group-id's
+		 * @param int $user account_id
+		 */
+		function set_memberships($groups,$user)
+		{
+			$this->setup_account_object();
+			
+			return $GLOBALS['egw']->accounts->set_memberships($groups,$user);
+		}
+		
 		/**
 		 * Check if accounts other then the automatically installed anonymous account exist
 		 *
@@ -962,6 +984,8 @@
 		/**
 		 * Add ACL rights
 		 *
+		 * Dont use it to set group-membership, use set_memberships instead!
+		 * 
 		 * @param $app string/array with app-names
 		 * @param $locations string eg. run
 		 * @param $account int/string accountid or account_lid

setup/ldapexport.php

@@ -51,6 +51,21 @@
 		'T_alert_msg' => 'msg_alert_msg.tpl'
 	));
 
+	function hash_sql2ldap($hash)
+	{
+		switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
+		{
+			case '':	// not set sql_encryption_type
+			case 'md5':
+				$hash = '{md5}' . base64_encode(pack("H*",$hash));
+				break;
+			case 'crypt':
+				$hash = '{crypt}' . $hash;
+				break;
+		}
+		return $hash;
+	}
+
 	$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
 		"config_name LIKE 'ldap%'",
 	),__LINE__,__FILE__);
@@ -120,6 +135,8 @@
 				}
 				$account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid'];
 				$account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell'];
+				
+				$account_info[$accountid]['account_passwd'] = hash_sql2ldap($account_info[$accountid]['account_passwd']);
 
 				if (!$accounts->create($account_info[$accountid]))
 				{