From eed94133c362b49375d2d3a5f15eb260c0e590a0 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 22 May 2004 11:00:18 +0000 Subject: [PATCH] fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account: - name & firstname - primary group (if a group with that numerical id exists in eGW, its added as primary group to the account and acl) - numerical account-id (if availible, no new one gets created, but the one from ldap is used) - email (as preference for the email-app) --- phpgwapi/inc/class.accounts_sql.inc.php | 55 +++++++++++++++++-------- phpgwapi/inc/class.auth_ldap.inc.php | 45 +++++++++----------- 2 files changed, 57 insertions(+), 43 deletions(-) diff --git a/phpgwapi/inc/class.accounts_sql.inc.php b/phpgwapi/inc/class.accounts_sql.inc.php index b947deceb4..94b719333d 100644 --- a/phpgwapi/inc/class.accounts_sql.inc.php +++ b/phpgwapi/inc/class.accounts_sql.inc.php @@ -9,7 +9,7 @@ * Copyright (C) 2003 Joseph Engo, Bettina Gille * * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org * + * http://www.egroupware.org * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * 
@@ -277,11 +277,19 @@ return $ret_val; } - function create($account_info,$default_prefs=True) + function create($account_info) { - $this->db->query('INSERT INTO phpgw_accounts (account_lid,account_type,account_pwd,' + if (isset($account_info['account_id']) && (!(int)$account_info['account_id'] || $this->id2name($account_info['account_id']))) + { + // account_id already used => discard it + unset($account_info['account_id']); + } + $this->db->query('INSERT INTO phpgw_accounts ('.(isset($account_info['account_id'])?'account_id,':'') + . 'account_lid,account_type,account_pwd,' . 'account_firstname,account_lastname,account_status,account_expires,person_id,' - . "account_primary_group) VALUES ('".$this->db->db_addslashes($account_info['account_lid']) + . 'account_primary_group) VALUES (' + . (isset($account_info['account_id'])?(int)$account_info['account_id'].',':'') + . "'" . $this->db->db_addslashes($account_info['account_lid']) . "','" . $this->db->db_addslashes($account_info['account_type']) . "','" . $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'], True) . "', '" . $this->db->db_addslashes($account_info['account_firstname']) @@ -293,12 +301,6 @@ $accountid = $this->db->get_last_insert_id('phpgw_accounts','account_id'); -/* default prefs dont need to be set anymore - if($accountid && is_object($GLOBALS['phpgw']->preferences) && $default_prefs) - { - $GLOBALS['phpgw']->preferences->create_defaults($accountid); - } -*/ return $accountid; } 
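Review bot: The new guard at the top of create() accepts any non-zero `account_id` that `id2name()` does not resolve, so an id supplied by the directory becomes the primary key after only an `(int)` cast. That check consults the accounts table alone; rows elsewhere that still reference the same id (the ACL table that auto_create writes to, for instance) would be inherited by the new account, and this hunk does not show whether account deletion cleans those up. Negative values also pass `!(int)$account_info['account_id']`; if only positive ids are valid for users, test `(int)$account_info['account_id'] <= 0` instead. The function still returns `get_last_insert_id()`, which on some backends may not reflect an explicitly inserted id, so returning the supplied id when one was used would be safer. create()'s body continues outside the hunk.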
@@ -329,21 +331,40 @@ $expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate)); } } + $primary_group = $GLOBALS['auto_create_acct']['primary_group'] && + $this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ? + (int) $GLOBALS['auto_create_acct']['primary_group'] : 0; $acct_info = array( + 'account_id' => (int) $GLOBALS['auto_create_acct']['id'], 'account_lid' => $accountname, 'account_type' => 'u', 'account_passwd' => $passwd, - 'account_firstname' => '', - 'account_lastname' => '', + 'account_firstname' => $GLOBALS['auto_create_acct']['firstname'], + 'account_lastname' => $GLOBALS['auto_create_acct']['lastname'], 'account_status' => $account_status, - 'account_expires' => $expires + 'account_expires' => $expires, + 'account_primary_group' => $primary_group, ); $this->db->transaction_begin(); - $this->create($acct_info,$default_prefs); + $this->create($acct_info); $accountid = $this->name2id($accountname); - + // if we have a primary_group, add it as "regular" eGW group (via ACL) too + if ($accountid && $primary_group) + { + $this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', " + . $primary_group . ', ' . $accountid . ', 1)',__LINE__,__FILE__); + } + // if we have an mail address set it as email pref + if ($accountid && @$GLOBALS['auto_create_acct']['email']) + { + $GLOBALS['phpgw']->acl->acl($accountid); // needed als preferences::save_repository calls acl + $GLOBALS['phpgw']->preferences->preferences($accountid); + $GLOBALS['phpgw']->preferences->read_repository(); + $GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']); + $GLOBALS['phpgw']->preferences->save_repository(); + } if ($default_acls == False) { $default_group_lid = $GLOBALS['phpgw_info']['server']['default_group_lid']; 
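Review bot: The `$primary_group` assignment grants group membership only because the directory's gidNumber equals the numeric id of some local group (`get_type(...) == 'g'`), and the ACL insert further down then records that membership with rights 1. Unless local group ids are deliberately kept in sync with LDAP gidNumbers, a newly created account could land in an unrelated, possibly privileged, group on first login. I would gate this on an explicit server setting, or at least state the assumption above the assignment, e.g. `// assumes eGW group ids mirror LDAP gidNumber; otherwise primary_group must stay 0`. The code also reads `$GLOBALS['auto_create_acct']` without checking that the authentication backend populated it, so an `is_array()` guard with empty defaults would make the trusted source explicit for callers that never set it. auto_create's body starts and ends outside this hunk.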
@@ -365,9 +386,7 @@ 'addressbook', 'calendar', 'email', - 'notes', - 'todo', - 'phpwebhosting', + 'infolog', 'manual' ) as $app) { diff --git a/phpgwapi/inc/class.auth_ldap.inc.php b/phpgwapi/inc/class.auth_ldap.inc.php index 7763a8e791..ec941135a3 100644 --- a/phpgwapi/inc/class.auth_ldap.inc.php +++ b/phpgwapi/inc/class.auth_ldap.inc.php @@ -31,12 +31,6 @@ function authenticate($username, $passwd) { - /* - error_reporting MUST be set to zero, otherwise you'll get nasty LDAP errors with a bad login/pass... - these are just "warnings" and can be ignored..... - */ - error_reporting(0); - if (ereg('[()|&=*,<>!~]',$username)) { return False; @@ -60,7 +54,7 @@ return False; } /* find the dn for this uid, the uid is not always in the dn */ - $attributes = array('uid', 'dn'); + $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber'); if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') { $filter = "(&(uid=$username)(phpgwaccountstatus=A))"; @@ -69,8 +63,10 @@ { $filter = "(uid=$username)"; } + $sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes); $allValues = ldap_get_entries($ldap, $sri); + if ($allValues['count'] > 0) { if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true) 
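Review bot: In authenticate(), the result of `ldap_search()` (in the hunk right after the widened `$attributes` list) is passed to `ldap_get_entries()` unchecked, and this commit also removes the `error_reporting(0)` that used to hide the resulting warnings. A failed search would now emit PHP warnings, which may expose directory details in the response depending on display settings, and `$allValues['count']` would be read from a non-array. Add `if (!$sri) { return False; }` before the `ldap_get_entries()` call. A short comment above `$attributes` noting that `ldap_get_entries()` returns attribute names lower-cased would also help, since the consumer later looks up `givenname` and `uidnumber`. The function body starts and ends outside these hunks.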
@@ -96,16 +92,29 @@ if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap') { $account = CreateObject('phpgwapi.accounts',$username,'u'); + if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct']) + { + // create a global array with all availible info about that account + $GLOBALS['auto_create_acct'] = array(); + foreach(array( + 'givenname' => 'firstname', + 'sn' => 'lastname', + 'uidnumber' => 'id', + 'mail' => 'email', + 'gidnumber' => 'primary_group', + ) as $ldap_name => $acct_name) + { + $GLOBALS['auto_create_acct'][$acct_name] = + $GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); + } + return True; + } $data = $account->read_repository(); return $data['status'] == 'A'; } return True; } } - - /* Turn error reporting back to normal */ - error_reporting(7); - /* dn not found or password wrong */ return False; } @@ -133,20 +142,6 @@ return $entry['userpassword']; } - /* This data needs to be updated in LDAP, not SQL (jengo) */ - function old_update_lastlogin($account_id, $ip) - { - $GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__); - $GLOBALS['phpgw']->db->next_record(); - $this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); - - $now = time(); - - $GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" - . "$ip', account_lastlogin='" . $now - . "' WHERE account_id='$account_id'",__LINE__,__FILE__); - } - function update_lastlogin($_account_id, $ip) { $entry['phpgwaccountlastlogin'] = time();
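Review bot: The foreach that fills `$GLOBALS['auto_create_acct']` indexes `$allValues[0][$ldap_name][0]` without checking that the attribute exists, so an entry lacking `mail`, `givenName` or `gidNumber` raises undefined-index notices (no longer hidden, since this commit drops `error_reporting(0)`) and passes null to `convert()`. Guard the lookup, e.g. `isset($allValues[0][$ldap_name][0]) ? $GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8') : ''`. The block also always reads entry 0, and the code between the search and this point is outside the hunk. Please confirm that entry 0 is the entry whose dn was actually bound, otherwise the identity attributes (uidNumber, gidNumber) could come from a different entry than the one authenticated. A one-line comment naming accounts::auto_create as the consumer of this global would make the coupling visible.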