True,
'nonavbar' => True,
'currentapp' => 'home',
'noapi' => True
);
// Pull in the setup bootstrap and this directory's helper functions.
include '../header.inc.php';
include './inc/functions.inc.php';

// Gate: only a caller that passes the setup 'Config' authorisation may go on.
// The exit straight after the redirect is what enforces this. header() only
// queues a response header, so without exit the rest of the import would still
// run for an unauthorised request.
if (!$phpgw_setup->auth('Config'))
{
	header('Location: index.php');
	exit;
}
// Does not return unless user is authorized
/**
 * Bare container used as the global $phpgw object during setup.
 *
 * It declares four public slots and no behaviour. Every slot starts out as
 * null; the script assigns the API objects and the database handle to them
 * after instantiating the class.
 */
class phpgw
{
	// common API object, accounts object, applications object, database handle
	var $common, $accounts, $applications, $db;
}
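// Assemble the minimal global $phpgw object the API classes expect, wire it
// to the setup database connection, and load the stored LDAP settings.
$phpgw = new phpgw;
$phpgw->common = CreateObject('phpgwapi.common');
$common = $phpgw->common;

$phpgw_setup->loaddb();
$phpgw->db = $phpgw_setup->db;

// The auth type is forced to LDAP before the accounts object is created.
// NOTE(review): presumably phpgwapi.accounts picks its backend from this
// setting - confirm, because the statement order matters if it does.
$phpgw_info['server']['auth_type'] = 'ldap';
$phpgw->accounts = CreateObject('phpgwapi.accounts');
$acct = $phpgw->accounts;
$phpgw->applications = CreateObject('phpgwapi.applications');
$applications = $phpgw->applications;

// Start from an empty array so $config holds only rows returned by this
// query. It was previously first created inside the loop, which left it
// undefined when no row matched and let any earlier content survive.
$config = array();
$phpgw_setup->db->query("select config_name,config_value from phpgw_config where config_name like 'ldap%'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record())
{
	$config[$phpgw_setup->db->f('config_name')] = $phpgw_setup->db->f('config_value');
}

// Publish the LDAP settings where the API classes look for them.
// NOTE(review): ldap_root_dn / ldap_root_pw look like the directory bind
// credentials - keep them out of any debug or error output.
$phpgw_info['server']['ldap_host'] = $config['ldap_host'];
$phpgw_info['server']['ldap_context'] = $config['ldap_context'];
$phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context'];
$phpgw_info['server']['ldap_root_dn'] = $config['ldap_root_dn'];
$phpgw_info['server']['ldap_root_pw'] = $config['ldap_root_pw'];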
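// Connect to the LDAP server first. If that fails, send the browser back to
// config.php with an error code instead of continuing with the import.
//
// The flag gets an explicit value on both paths. Previously it was only
// assigned on failure, so the test below read an undefined variable whenever
// the connection succeeded.
$noldapconnection = False;
$ldap = $common->ldapConnect();
if (!$ldap)
{
	$noldapconnection = True;
}
if ($noldapconnection)
{
	header('Location: config.php?error=badldapconnection');
	exit;
}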
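// Read every entry that has a uid from the configured user context and keep
// the ones that are not on the global deny list.
//
// $account_info starts empty so it holds only entries built from this search.
// It was previously first created inside the loop.
$account_info = array();

$sr = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber'));
// A failed search yields no result handle; treat that as "no entries" rather
// than handing a non-result to ldap_get_entries().
$info = $sr ? ldap_get_entries($ldap, $sr) : array('count' => 0);
if (!is_array($info))
{
	$info = array('count' => 0);
}

for ($i=0; $i<$info['count']; $i++)
{
	// empty() gives the same truth test as the plain lookup, without a
	// notice when the deny list or this uid's entry is not defined.
	if (empty($phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]]))
	{
		// Only the first value of each attribute is used.
		$account_info[$i]['account_id'] = $info[$i]['uidnumber'][0];
		$account_info[$i]['account_lid'] = $info[$i]['uid'][0];
		$account_info[$i]['account_firstname'] = $info[$i]['givenname'][0];
		$account_info[$i]['account_lastname'] = $info[$i]['sn'][0];
	}
}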
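// When a group context is configured, read every entry that has a cn from it
// and keep the groups that are not globally excluded.
//
// $group_info starts empty so it is defined even when no group context is set
// and holds only entries built from this search.
$group_info = array();

if ($phpgw_info['server']['ldap_group_context'])
{
	$srg = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
	// A failed search yields no result handle; treat that as "no entries".
	$info = $srg ? ldap_get_entries($ldap, $srg) : array('count' => 0);
	if (!is_array($info))
	{
		$info = array('count' => 0);
	}

	for ($i=0; $i<$info['count']; $i++)
	{
		// NOTE(review): the second test looks up the group's cn as a key of
		// the i-th *user* record, whose keys are only the account_* fields set
		// when the users were read. It therefore passes for practically every
		// group. It may have been meant to skip groups whose name collides
		// with a user login - confirm the intent before relying on it.
		if (empty($phpgw_info['server']['global_excluded_groups'][$info[$i]['cn'][0]]) &&
			empty($account_info[$i][$info[$i]['cn'][0]]))
		{
			$group_info[$i]['account_id'] = $info[$i]['gidnumber'][0];
			$group_info[$i]['account_lid'] = $info[$i]['cn'][0];
			// A group without memberuid values gets an empty member list.
			$group_info[$i]['members'] = isset($info[$i]['memberuid']) ? $info[$i]['memberuid'] : array();
			$group_info[$i]['account_firstname'] = $info[$i]['cn'][0];
			$group_info[$i]['account_lastname'] = '';
		}
	}
}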
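// List the enabled applications (other than 'administration') as
// app_name => app_title.
//
// $apps starts empty so it holds only rows from this query. It was previously
// first created inside the loop and stayed undefined when no row matched.
$apps = array();
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
	. "app_name != 'administration'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record())
{
	$apps[$phpgw_setup->db->f('app_name')] = $phpgw_setup->db->f('app_title');
}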
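// Handle the submitted import form: validate the selections, then create the
// groups, accounts and ACL rows from the LDAP data read earlier in this file.
//
// NOTE(review): $submit, $admins, $s_apps, $ldapgroups and $passwd are read
// here but never assigned in the visible part of this file. Presumably they
// are populated from the request. Confirm where they come from and that they
// are validated there, since they decide who receives admin rights.

// Give the status variables known values before they are tested, so that
// nothing set earlier can produce an error text or a "setup complete" state.
$error = '';
$setup_complete = False;
// Only the non-LDAP-groups branch below creates a 'Default' group. Zero means
// "no default group" for the membership step in the account loop.
$defaultgroupid = 0;

if ($submit)
{
	// count() on a non-array is an error on current PHP, so a missing
	// selection is treated the same as an empty one.
	if (!is_array($admins) || !count($admins))
	{
		$error = ' You must select at least 1 admin';
	}
	if (!is_array($s_apps) || !count($s_apps))
	{
		$error .= ' You must select at least 1 application';
	}

	if (!$error)
	{
		if ($ldapgroups)
		{
			$groupimport = True;

			// Login id => LDAP uidnumber for every user read from the
			// directory. Used to turn memberuid values into account ids.
			$member_ids = array();
			if (is_array($account_info))
			{
				foreach ($account_info as $known_account)
				{
					$member_ids[$known_account['account_lid']] = $known_account['account_id'];
				}
			}

			if (is_array($group_info))
			{
				foreach ($group_info as $group)
				{
					$id_exist = 0;
					$thisacctid = $group['account_id'];
					$thisacctlid = $group['account_lid'];
					$thisfirstname = $group['account_firstname'];
					$thislastname = $group['account_lastname'];
					// Fixed: take the members of the group being processed.
					// The old code indexed $group_info with $i, a counter
					// left over from an earlier loop, so it never read this
					// group's member list.
					$thismembers = (isset($group['members']) && is_array($group['members'])) ? $group['members'] : array();

					// Do some checks before we try to import the data.
					if (!empty($thisacctid) && !empty($thisacctlid))
					{
						$groups = CreateObject('phpgwapi.accounts',intval($thisacctid));
						$groups->db = $phpgw_setup->db;

						// Check if the account is already there.
						// If so, we won't try to create it again.
						$acct_exist = $acct->name2id($thisacctlid);
						if ($acct_exist)
						{
							$thisacctid = $acct_exist;
						}
						// Fixed: use the $groups object created above. The old
						// code called $accounts here, which is only assigned
						// later, in the account loop.
						$id_exist = $groups->exists(intval($thisacctid));
						// If not, create it now.
						if (!$id_exist)
						{
							$groups->create('g', $thisacctlid, 'x',$thisfirstname, $thislastname,'',$thisacctid);
						}

						// Now make the listed members a member of this group.
						// Fixed: the old loop used the array *key* of each
						// memberuid entry (0, 1, ... and 'count') as the
						// account id, so membership and the change-password
						// right went to unrelated ids. Each member is now
						// resolved through the imported user list, and a
						// member that is not in that list is skipped.
						// NOTE(review): assumes memberuid holds login ids
						// matching account_lid, and uses the LDAP uidnumber as
						// account id. An account that already exists under
						// another id is not handled here - confirm.
						foreach ($thismembers as $member_key => $member_lid)
						{
							// ldap_get_entries() stores the value count under
							// 'count' next to the values themselves.
							if ($member_key === 'count')
							{
								continue;
							}
							if (empty($member_ids[$member_lid]))
							{
								continue;
							}

							// Since the group has app rights, we don't need
							// to give users these rights. Instead, we maintain
							// group membership here.
							$acl = CreateObject('phpgwapi.acl',intval($member_ids[$member_lid]));
							$acl->db = $phpgw_setup->db;
							$acl->read_repository();

							// delete-then-add keeps the row from being
							// duplicated on a repeated import.
							$acl->delete('phpgw_group',$thisacctid,1);
							$acl->add('phpgw_group',$thisacctid,1);

							// Now add the acl to let them change their password
							// NOTE(review): these two calls pass four
							// arguments while every other delete()/add() in
							// this file passes three - check them against the
							// acl class signature.
							$acl->delete('preferences','changepassword',$thisacctid,1);
							$acl->add('preferences','changepassword',$thisacctid,1);

							$acl->save_repository();
						}
					}
				}
			}
			$setup_complete = True;
		}
		else
		{
			// Create the 'Default' group
			// NOTE(review): the id is drawn at random from 100-65535 and is
			// only replaced when a 'Default' account already exists. If the
			// random id happens to belong to some other account, exists()
			// below would report it and the delete() branch would remove that
			// account - confirm how exists()/delete() behave and consider
			// re-drawing until the id is unused.
			mt_srand((double)microtime()*1000000);
			$defaultgroupid = mt_rand (100, 65535);

			$acct = CreateObject('phpgwapi.accounts',$defaultgroupid);
			$acct->db = $phpgw_setup->db;

			// Check if the group account is already there.
			// If so, set our group_id to that account's id for use below.
			$acct_exist = $acct->name2id('Default');
			if ($acct_exist)
			{
				$defaultgroupid = $acct_exist;
			}
			$id_exist = $acct->exists(intval($defaultgroupid));

			// NOTE(review): $passwd is not assigned in the visible code.
			if ($id_exist)
			{
				// Delete first, so ldap does not return an error, then recreate
				$acct->delete($defaultgroupid);
			}
			// Created with our original groupid when it did not exist yet.
			$acct->create('g','Default',$passwd,'Default','Group','A',$defaultgroupid);

			// Give the group run rights on every selected application.
			$acl = CreateObject('phpgwapi.acl',$defaultgroupid);
			$acl->db = $phpgw_setup->db;
			$acl->read_repository();
			foreach ($s_apps as $app_name)
			{
				$acl->delete($app_name,'run',1);
				$acl->add($app_name,'run',1);
			}
			$acl->save_repository();
		} //end default group creation

		if (is_array($account_info))
		{
			foreach ($account_info as $account)
			{
				$id_exist = 0;
				$thisacctid = $account['account_id'];
				$thisacctlid = $account['account_lid'];
				$thisfirstname = $account['account_firstname'];
				$thislastname = $account['account_lastname'];

				// Do some checks before we try to import the data.
				if (!empty($thisacctid) && !empty($thisacctlid))
				{
					$accounts = CreateObject('phpgwapi.accounts',intval($thisacctid));
					$accounts->db = $phpgw_setup->db;

					// Check if the account is already there.
					// If so, we won't try to create it again.
					$acct_exist = $acct->name2id($thisacctlid);
					if ($acct_exist)
					{
						$thisacctid = $acct_exist;
					}
					$id_exist = $accounts->exists(intval($thisacctid));
					// If not, create it now.
					if (!$id_exist)
					{
						$accounts->create('u', $thisacctlid, 'x',$thisfirstname, $thislastname,'A',$thisacctid);
					}

					// Insert default acls for this user.
					// Since the group has app rights, we don't need to give
					// users these rights. Instead, we make the user a member
					// of the Default group below.
					$acl = CreateObject('phpgwapi.acl',intval($thisacctid));
					$acl->db = $phpgw_setup->db;
					$acl->read_repository();

					// Only give them admin if we asked for them to have it.
					// This is typically an exception to apps for run rights
					// as a group member.
					// NOTE(review): the loop header was truncated in the
					// listing this block came from ("for ($a=0;$a..."). It is
					// rebuilt here as "is this account one of the selected
					// admins", assuming $admins holds login ids (account_lid).
					// Confirm against the form that posts $admins. The
					// comparison is a strict string match so that numeric-
					// looking ids cannot compare equal by type juggling.
					for ($a=0;$a<count($admins);$a++)
					{
						if ((string)$admins[$a] === (string)$thisacctlid)
						{
							$acl->delete('admin','run',1);
							$acl->add('admin','run',1);
						}
					}

					// Now make them a member of the 'Default' group.
					// But, only if the current user is not the group itself,
					// and only when a Default group was created above. After
					// an LDAP group import there is none, and the old code
					// then added a membership row for an empty group id.
					if ($defaultgroupid && $defaultgroupid != $thisacctid)
					{
						$acl->delete('phpgw_group',$defaultgroupid,1);
						$acl->add('phpgw_group',$defaultgroupid,1);
					}

					// Save these new acls.
					$acl->save_repository();
				}
				$setup_complete = True;
			}
		}
	}
}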
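// TODO (original author): add a check for an LDAP directory without users and
// create a default user in that case.
$phpgw_setup->show_header();

// Show any validation message collected while handling the form.
// The text is HTML-escaped on output so that whatever ends up in $error is
// rendered as text, never as markup. The messages set in this file contain no
// special characters, so their appearance does not change.
if ($error)
{
	echo '
Error: '.htmlspecialchars($error, ENT_QUOTES).'
';
}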
if ($setup_complete) {
$phpgw_setup->db->query("select config_value from phpgw_config where config_name='webserver_url'",__LINE__,__FILE__);
$phpgw_setup->db->next_record();
echo '