From fe95ab9038b0155f6f6850d0961c16501b60785a Mon Sep 17 00:00:00 2001
From: Miles Lott
Date: Tue, 10 Apr 2001 13:05:54 +0000
Subject: [PATCH] to match the other future accounts work - this is not ready yet
---
 setup/ldap_wip.php | 391 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 391 insertions(+)
 create mode 100644 setup/ldap_wip.php
diff --git a/setup/ldap_wip.php b/setup/ldap_wip.php
new file mode 100644
index 0000000000..2a8e662220
--- /dev/null
+++ b/setup/ldap_wip.php
@@ -0,0 +1,391 @@
+ True,
+ 'nonavbar' => True,
+ 'currentapp' => 'home',
+ 'noapi' => True
+ );
+
+ include('../header.inc.php');
+ include('./inc/functions.inc.php');
+
+ // Authorize the user to use setup app and load the database
+ if (!$phpgw_setup->auth('Config'))
+ {
+ Header('Location: index.php');
+ exit;
+ }
+ // Does not return unless user is authorized
+ class phpgw
+ {
+ var $common;
+ var $accounts;
+ var $applications;
+ var $db;
+ }
+ $phpgw = new phpgw;
+ $phpgw->common = CreateObject('phpgwapi.common');
+
+ $common = $phpgw->common;
+ $phpgw_setup->loaddb();
+ $phpgw->db = $phpgw_setup->db;
+
+ $phpgw_info['server']['auth_type'] = 'ldap';
+ $phpgw->accounts = CreateObject('phpgwapi.accounts');
+ $acct = $phpgw->accounts;
+ $phpgw->applications = CreateObject('phpgwapi.applications');
+ $applications = $phpgw->applications;
+
+ $phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
+ while ($phpgw_setup->db->next_record())
+ {
+ $config[$phpgw_setup->db->f('config_name')] = $phpgw_setup->db->f('config_value');
+ }
+ $phpgw_info['server']['ldap_host'] = $config['ldap_host'];
+ $phpgw_info['server']['ldap_context'] = $config['ldap_context'];
+ $phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context'];
+ $phpgw_info['server']['ldap_root_dn'] = $config['ldap_root_dn'];
+ $phpgw_info['server']['ldap_root_pw'] = $config['ldap_root_pw'];
+
+ // First, see if we can connect to the LDAP server, if not send `em back to config.php with an
+ // error message.
+
+ // connect to ldap server
+ if (! $ldap = $common->ldapConnect())
+ {
+ $noldapconnection = True;
+ }
+
+ if ($noldapconnection)
+ {
+ Header('Location: config.php?error=badldapconnection');
+ exit;
+ }
+
+ $sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber'));
+ $info = ldap_get_entries($ldap, $sr);
+
+ for ($i=0; $i<$info['count']; $i++)
+ {
+ if (! 
$phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]])
+ {
+ $account_info[$i]['account_id'] = $info[$i]['uidnumber'][0];
+ $account_info[$i]['account_lid'] = $info[$i]['uid'][0];
+ $account_info[$i]['account_firstname'] = $info[$i]['givenname'][0];
+ $account_info[$i]['account_lastname'] = $info[$i]['sn'][0];
+ }
+ }
+
+ if ($phpgw_info['server']['ldap_group_context'])
+ {
+ $srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
+ $info = ldap_get_entries($ldap, $srg);
+
+ for ($i=0; $i<$info['count']; $i++)
+ {
+ if (! $phpgw_info['server']['global_excluded_groups'][$info[$i]['cn'][0]] &&
+ ! $account_info[$i][$info[$i]['cn'][0]])
+ {
+ $group_info[$i]['account_id'] = $info[$i]['gidnumber'][0];
+ $group_info[$i]['account_lid'] = $info[$i]['cn'][0];
+ $group_info[$i]['members'] = $info[$i]['memberuid'];
+ $group_info[$i]['account_firstname'] = $info[$i]['cn'][0];
+ $group_info[$i]['account_lastname'] = '';
+ }
+ }
+ }
+
+ $phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
+ . "app_name != 'administration'",__LINE__,__FILE__);
+ while ($phpgw_setup->db->next_record()) {
+ $apps[$phpgw_setup->db->f('app_name')] = $phpgw_setup->db->f('app_title');
+ }
+
+ if ($submit) {
+ if (!count($admins)) {
+ $error = '
You must select at least 1 admin';
+ }
+
+ if (!count($s_apps)) {
+ $error .= '
You must select at least 1 application';
+ }
+
+ if (!$error) {
+ if ($ldapgroups)
+ {
+ $groupimport = True;
+ while ($group = each($group_info))
+ {
+ $id_exist = 0;
+ $thisacctid = $group[1]['account_id'];
+ $thisacctlid = $group[1]['account_lid'];
+ $thisfirstname = $group[1]['account_firstname'];
+ $thislastname = $group[1]['account_lastname'];
+ $thismembers = $group_info[$i]['members'];
+
+ // Do some checks before we try to import the data.
+ if (!empty($thisacctid) && !empty($thisacctlid))
+ {
+ $groups = CreateObject('phpgwapi.accounts',intval($thisacctid));
+ $groups->db = $phpgw_setup->db;
+
+ // Check if the account is already there.
+ // If so, we won't try to create it again.
+ $acct_exist = $acct->name2id($thisacctlid);
+ if ($acct_exist)
+ {
+ $thisacctid = $acct_exist;
+ }
+ $id_exist = $accounts->exists(intval($thisacctid));
+ // If not, create it now.
+ if(!$id_exist)
+ {
+ $accounts->create('g', $thisacctlid, 'x',$thisfirstname, $thislastname,'',$thisacctid);
+ }
+
+ // Now make them a member of this group in phpgw.
+ while (list($members = each($thismembers))
+ {
+ // Insert acls for this group based on memberuid field.
+ // Since the group has app rights, we don't need to give users
+ // these rights. Instead, we maintain group membership here.
+ $acl = CreateObject('phpgwapi.acl',intval($members));
+ $acl->db = $phpgw_setup->db;
+ $acl->read_repository();
+
+ $acl->delete('phpgw_group',$thisacctid,1);
+ $acl->add('phpgw_group',$thisacctid,1);
+ $acl->save_repository();
+ }
+ }
+ }
+ $setup_complete = True;
+ }
+ else
+ {
+ // Create the 'Default' group
+ mt_srand((double)microtime()*1000000);
+ $defaultgroupid = mt_rand (100, 65535);
+
+ $acct = CreateObject('phpgwapi.accounts',$defaultgroupid);
+ $acct->db = $phpgw_setup->db;
+
+ // Check if the group account is already there.
+ // If so, set our group_id to that account's id for use below. 
+ $acct_exist = $acct->name2id('Default');
+ if ($acct_exist) {
+ $defaultgroupid = $acct_exist;
+ }
+ $id_exist = $acct->exists(intval($defaultgroupid));
+ // if not, create it, using our original groupid.
+ if(!$id_exist) {
+ $acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
+ } else {
+ // Delete first, so ldap does not return an error, then recreate
+ $acct->delete($defaultgroupid);
+ $acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);
+ }
+
+ $acl = CreateObject('phpgwapi.acl',$defaultgroupid);
+ $acl->db = $phpgw_setup->db;
+ $acl->read_repository();
+ while ($app = each($s_apps)) {
+ $acl->delete($app[1],'run',1);
+ $acl->add($app[1],'run',1);
+ }
+ $acl->save_repository();
+ } //end default group creation
+
+ while ($account = each($account_info))
+ {
+ $id_exist = 0;
+ $thisacctid = $account[1]['account_id'];
+ $thisacctlid = $account[1]['account_lid'];
+ $thisfirstname = $account[1]['account_firstname'];
+ $thislastname = $account[1]['account_lastname'];
+
+ // Do some checks before we try to import the data.
+ if (!empty($thisacctid) && !empty($thisacctlid))
+ {
+ $accounts = CreateObject('phpgwapi.accounts',intval($thisacctid));
+ $accounts->db = $phpgw_setup->db;
+
+ // Check if the account is already there.
+ // If so, we won't try to create it again.
+ $acct_exist = $acct->name2id($thisacctlid);
+ if ($acct_exist)
+ {
+ $thisacctid = $acct_exist;
+ }
+ $id_exist = $accounts->exists(intval($thisacctid));
+ // If not, create it now.
+ if(!$id_exist)
+ {
+ $accounts->create('u', $thisacctlid, 'x',$thisfirstname, $thislastname,'A',$thisacctid);
+ }
+
+ // Insert default acls for this user.
+ // Since the group has app rights, we don't need to give users
+ // these rights. Instead, we make the user a member of the Default group
+ // below. 
+ $acl = CreateObject('phpgwapi.acl',intval($thisacctid));
+ $acl->db = $phpgw_setup->db;
+ $acl->read_repository();
+
+ // Only give them admin if we asked for them to have it.
+ // This is typically an exception to apps for run rights
+ // as a group member.
+ for ($a=0;$adelete('admin','run',1);
+ $acl->add('admin','run',1);
+ }
+ }
+
+ // Now make them a member of the 'Default' group.
+ // But, only if the current user is not the group itself.
+ if ($defaultgroupid != $thisacctid)
+ {
+ $acl->delete('phpgw_group',$defaultgroupid,1);
+ $acl->add('phpgw_group',$defaultgroupid,1);
+ }
+
+ // Save these new acls.
+ $acl->save_repository();
+ }
+ $setup_complete = True;
+ }
+ }
+ }
+
+ // Add a check to see if there are no users in LDAP, if not create a default user.
+
+ $phpgw_setup->show_header();
+
+ if ($error) {
+ echo '
Error: '.$error.'
';
+ }
+
+ if ($setup_complete) {
+ $phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
+ $phpgw_setup->db->next_record();
+ echo '
Setup has been completed! Click here to login
';
+ exit;
+ }
+?>
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 LDAP import users
 This section will help you import users and groups from your LDAP tree into phpGroupWare's account tables.
 
+  Select which user(s) will be imported + + +
+  Select which user(s) will have admin privileges + + +
+  Select which group(s) will be imported (group membership will be maintained) + + +
+  Select the default applications your users will have access to. +
 Note: You will be able to customize this later. +
+ +
+ +
+
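Review bot: `$error`, `$setup_complete`, `$noldapconnection`, `$account_info` and `$group_info` are read without ever being initialised, and `$submit`, `$admins`, `$s_apps`, `$ldapgroups` and `$passwd` are used as bare request globals, so with register_globals enabled a request can pre-seed any of them. The visible effects are that `$error` reaches `echo` unescaped, and that pre-seeded `$account_info` entries would survive the LDAP loop (it only assigns by index) and be passed on to `$accounts->create()`. I would set the defaults before the LDAP search, `$error = ''; $setup_complete = False; $noldapconnection = False;` and `$account_info = array(); $group_info = array();`, and read the form fields from `$HTTP_POST_VARS` instead. `$passwd` in `$acct->create('g','Default',$passwd,...)` is never assigned in the visible lines and should be set explicitly as well. Part of the file's text (its opening lines and the HTML form) is missing from this page, so this is based on the PHP that remains visible.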