Code source de eGroupWare 1.2.106-2 |
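<?php
/**************************************************************************\
* eGroupWare - Setup                                                       *
* http://www.egroupware.org                                                *
* --------------------------------------------                             *
*  This program is free software; you can redistribute it and/or modify it *
*  under the terms of the GNU General Public License as published by the   *
*  Free Software Foundation; either version 2 of the License, or (at your  *
*  option) any later version.                                              *
\**************************************************************************/

/* $Id: ldapimport.php 23096 2006-12-21 07:07:56Z ralfbecker $ */

/*
 * Setup page that imports users and groups from the configured LDAP tree
 * into eGroupWare's account tables.
 *
 * Flow:
 *   1. Require an authenticated setup ('Config') session.
 *   2. Load the ldap* settings from the config table and connect to LDAP.
 *   3. Read all user entries (and group entries, when a group context is
 *      configured) into $account_info / $group_info.
 *   4. On POST 'submit': create the selected accounts and groups and write
 *      their ACLs; otherwise render the selection form.
 *
 * Trust boundaries handled here:
 *   - POST fields (users, admins, s_apps, ldapgroups) are attacker-controlled
 *     within an authenticated setup session; they are normalised to arrays and
 *     only used as lookups into data this script fetched itself.
 *   - Directory attributes (uid, cn, givenname, sn, ...) are written by whoever
 *     can edit the LDAP tree, so they are HTML-escaped before being printed.
 *
 * NOTE(review): this handler changes accounts and ACLs on POST and checks only
 * the setup session; no per-request token is verified in this script. Confirm
 * whether the setup framework adds one.
 */

$GLOBALS['egw_info'] = array(
	'flags' => array(
		'noheader'   => True,
		'nonavbar'   => True,
		'currentapp' => 'home',
		'noapi'      => True
	)
);
include('./inc/functions.inc.php');

// Authorize the user to use setup app and load the database
if(!$GLOBALS['egw_setup']->auth('Config'))
{
	Header('Location: index.php');
	exit;
}
// Does not return unless user is authorized

// Every variable that is later read before being assigned gets an explicit
// starting value. The original relied on "undefined means empty", which lets
// request data seed them on installations running with register_globals
// ($defaultgroupid in particular decides which group imported users join).
$error          = '';
$setup_complete = False;
$defaultgroupid = null;
// $passwd is never assigned in this script; the original evaluated it as
// undefined (null) when creating the 'Default' group. Pinned to null here.
// NOTE(review): confirm inc/functions.inc.php is not expected to provide it.
$passwd         = null;
$config         = array();
$apps           = array();
$user_list = $admin_list = $group_list = $app_list = '';

// Minimal stand-in for the global application object; only the members this
// script assigns are declared.
class egw
{
	var $common;
	var $accounts;
	var $applications;
	var $db;
}
$egw = new egw;
$egw->common = CreateObject('phpgwapi.common');

$common = $egw->common;
$GLOBALS['egw_setup']->loaddb();
$egw->db = $GLOBALS['egw_setup']->db;

$tpl_root  = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
$setup_tpl = CreateObject('setup.Template',$tpl_root);
$setup_tpl->set_file(array(
	'ldap'        => 'ldap.tpl',
	'T_head'      => 'head.tpl',
	'T_footer'    => 'footer.tpl',
	'T_alert_msg' => 'msg_alert_msg.tpl'
));

$GLOBALS['egw_info']['server']['auth_type'] = 'ldap';

$egw->applications = CreateObject('phpgwapi.applications');
$applications = $egw->applications;

// Pull the LDAP connection settings and the account repository type from the
// config table and publish them where the API classes look for them.
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
	"config_name LIKE 'ldap%' OR config_name='account_repository'",
),__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
{
	$config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value');
}
$GLOBALS['egw_info']['server']['ldap_host']          = $config['ldap_host'];
$GLOBALS['egw_info']['server']['ldap_context']       = $config['ldap_context'];
$GLOBALS['egw_info']['server']['ldap_group_context'] = $config['ldap_group_context'];
$GLOBALS['egw_info']['server']['ldap_root_dn']       = $config['ldap_root_dn'];
$GLOBALS['egw_info']['server']['ldap_root_pw']       = $config['ldap_root_pw'];
$GLOBALS['egw_info']['server']['ldap_version3']      = $config['ldap_version3'] == "True" ? True : False;
$GLOBALS['egw_info']['server']['account_repository'] = $config['account_repository'];

$egw->accounts = CreateObject('phpgwapi.accounts');
$acct = $egw->accounts;

// First, see if we can connect to the LDAP server, if not send `em back to config.php with an
// error message.
$ldap = $common->ldapConnect();
if(!$ldap)
{
	Header('Location: config.php?error=badldapconnection');
	exit;
}

// Read every entry that has a uid. A failed search is treated as an empty
// result instead of handing False to ldap_get_entries().
$sr   = ldap_search($ldap,$config['ldap_context'],'(|(uid=*))',array('sn','givenname','uid','uidnumber','email','gidnumber'));
$info = $sr ? ldap_get_entries($ldap, $sr) : False;
if(!is_array($info))
{
	$info = array('count' => 0);
}
$account_info = $group_info = array();

for($i = 0; $i < $info['count']; $i++)
{
	$entry = $info[$i];
	if(empty($GLOBALS['egw_info']['server']['global_denied_users'][$entry['uid'][0]]))
	{
		$account_info[$entry['uidnumber'][0]] = array(
			'account_id'            => $entry['uidnumber'][0],
			'account_lid'           => $entry['uid'][0],
			'account_firstname'     => $entry['givenname'][0],
			'account_lastname'      => $entry['sn'][0],
			// NOTE(review): 'userpassword' is not in the attribute list passed to
			// ldap_search() above, so this is null unless the server returns it
			// anyway. Accounts are therefore created without a password value.
			'account_passwd'        => isset($entry['userpassword'][0]) ? $entry['userpassword'][0] : null,
			'account_email'         => $entry['email'][0],
			// Primary group ids are stored negated.
			'account_primary_group' => -$entry['gidnumber'][0],
		);
	}
}

if($GLOBALS['egw_info']['server']['ldap_group_context'])
{
	$srg  = ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
	$info = $srg ? ldap_get_entries($ldap, $srg) : False;
	if(!is_array($info))
	{
		$info = array('count' => 0);
	}

	for($i = 0; $i < $info['count']; $i++)
	{
		$entry = $info[$i];
		// NOTE(review): the second test indexes $account_info by the loop
		// counter, while $account_info is keyed by uidnumber. It looks like it
		// was meant to skip groups whose name collides with a user; as written
		// it is almost always true. Left unchanged pending confirmation.
		if(empty($GLOBALS['egw_info']['server']['global_denied_groups'][$entry['cn'][0]]) &&
			empty($account_info[$i][$entry['cn'][0]]))
		{
			// Group ids are stored negated, matching account_primary_group above.
			$group_info[-$entry['gidnumber'][0]] = array(
				'account_id'        => -$entry['gidnumber'][0],
				'account_lid'       => $entry['cn'][0],
				'members'           => isset($entry['memberuid']) ? $entry['memberuid'] : array(),
				'account_firstname' => $entry['cn'][0],
				'account_lastname'  => 'Group'
			);
		}
	}
}

// Enabled applications: app_name => translated title.
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__);
while($GLOBALS['egw_setup']->db->next_record())
{
	$apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name'));
}

$cancel     = get_var('cancel','POST');
$submit     = get_var('submit','POST');
$users      = get_var('users','POST');
$admins     = get_var('admins','POST');
$s_apps     = get_var('s_apps','POST');
$ldapgroups = get_var('ldapgroups','POST');

// The four selections are multi-selects; anything that is not an array is
// treated as "nothing selected" so count()/foreach below never see a scalar.
if(!is_array($users))      { $users      = array(); }
if(!is_array($admins))     { $admins     = array(); }
if(!is_array($s_apps))     { $s_apps     = array(); }
if(!is_array($ldapgroups)) { $ldapgroups = array(); }

// The submitted application names end up in ACL rows and hook calls, so only
// names of applications that are actually enabled are accepted. The form
// offers exactly these names, so a regular submission is unaffected.
$requested_apps = $s_apps;
$s_apps = array();
foreach($requested_apps as $requested_app)
{
	if(is_string($requested_app) && array_key_exists($requested_app, $apps))
	{
		$s_apps[] = $requested_app;
	}
}

if($cancel)
{
	Header('Location: ldap.php');
	exit;
}

if($submit)
{
	if(!count($admins))
	{
		$error .= '<br />You must select at least 1 admin';
	}

	if(!count($s_apps))
	{
		$error .= '<br />You must select at least 1 application';
	}

	if(!$error)
	{
		foreach($users as $id)
		{
			// Only ids that came out of the LDAP search are importable.
			if(!is_scalar($id) || !isset($account_info[$id]))
			{
				continue;
			}
			$thisacctid  = $account_info[$id]['account_id'];
			$thisacctlid = $account_info[$id]['account_lid'];

			// Do some checks before we try to import the data.
			if(empty($thisacctid) || empty($thisacctlid))
			{
				continue;
			}
			$accounts = CreateObject('phpgwapi.accounts',(int)$thisacctid);

			// Check if the account is already there.
			// If so, we won't try to create it again.
			$acct_exist = $acct->name2id($thisacctlid);
			if($acct_exist)
			{
				$thisacctid = $acct_exist;
			}
			$id_exist = $accounts->exists($thisacctlid);
			// If not, create it now.
			if(!$id_exist)
			{
				$thisacctid = $accounts->create($account_info[$id]+array(
					'account_type'    => 'u',
					'account_status'  => 'A',
					'account_expires' => -1,
				));
			}
			if(!$thisacctid)	// if we have no account_id, we cant continue
			{
				continue;
			}
			// Insert default acls for this user.
			// Since the group has app rights, we don't need to give users
			// these rights. Instead, we make the user a member of the Default group
			// below.
			$acl = CreateObject('phpgwapi.acl',(int)$thisacctid);
			$acl->db = $GLOBALS['egw_setup']->db;
			$acl->read_repository();

			// Only give them admin if we asked for them to have it.
			// This is typically an exception to apps for run rights
			// as a group member.
			// Login names are compared as exact strings: a loose == would treat
			// numeric-looking names such as "1e3" and "1000" as the same user
			// and hand out the admin right to the wrong account.
			foreach($admins as $admin_lid)
			{
				if(is_scalar($admin_lid) && (string)$admin_lid === (string)$thisacctlid)
				{
					$acl->delete('admin','run',1);
					$acl->add('admin','run',1);
				}
			}

			// Now make them a member of the 'Default' group.
			// But, only if the current user is not the group itself.
			if(!$defaultgroupid)
			{
				$defaultgroupid = $accounts->name2id('Default');
			}
			if($defaultgroupid)
			{
				$acl->delete('phpgw_group',$defaultgroupid,1);
				$acl->add('phpgw_group',$defaultgroupid,1);
			}

			// Save these new acls.
			$acl->save_repository();
		}

		if($ldapgroups)
		{
			foreach($ldapgroups as $groupid)
			{
				// Only group ids that came out of the LDAP search are importable.
				if(!is_scalar($groupid) || !isset($group_info[$groupid]))
				{
					continue;
				}
				$id_exist      = 0;
				$thisacctid    = $group_info[$groupid]['account_id'];
				$thisacctlid   = $group_info[$groupid]['account_lid'];
				$thisfirstname = $group_info[$groupid]['account_firstname'];
				$thislastname  = $group_info[$groupid]['account_lastname'];
				$thismembers   = $group_info[$groupid]['members'];

				// Do some checks before we try to import the data.
				if(empty($thisacctid) || empty($thisacctlid))
				{
					continue;
				}
				$groups = CreateObject('phpgwapi.accounts',(int)$thisacctid);

				// Check if the account is already there.
				// If so, we won't try to create it again.
				$acct_exist = $groups->name2id($thisacctlid);
				if($acct_exist)
				{
					$thisacctid = $acct_exist;
				}
				$id_exist = $groups->exists((int)$thisacctid);
				// If not, create it now.
				if(!$id_exist)
				{
					$thisacctid = $groups->create(array(
						'account_type'      => 'g',
						'account_lid'       => $thisacctlid,
						'account_passwd'    => 'x',
						'account_firstname' => $thisfirstname,
						'account_lastname'  => $thislastname,
						'account_status'    => 'A',
						'account_expires'   => -1
					));
				}
				if(!$thisacctid)	// if we have no account_id, we cant continue
				{
					continue;
				}
				// Now make them a member of this group in phpgw.
				// A group without memberuid values simply has nobody to add.
				if(!is_array($thismembers))
				{
					$thismembers = array();
				}
				foreach($thismembers as $member_key => $member_lid)
				{
					// ldap_get_entries() stores the value count next to the values.
					if($member_key === 'count')
					{
						continue;
					}
					// Resolve the member only if it is one of the users found in
					// the LDAP search; exact string match, see the admin check.
					$tmpid = 0;
					foreach($account_info as $candidate)
					{
						if((string)$member_lid === (string)$candidate['account_lid'])
						{
							$tmpid = $acct->name2id($candidate['account_lid']);
						}
					}
					/*
					Insert acls for this group based on memberuid field.
					Since the group has app rights, we don't need to give users
					these rights. Instead, we maintain group membership here.
					*/
					if($tmpid)
					{
						$acl = CreateObject('phpgwapi.acl',$tmpid);
						$acl->account_id = (int)$tmpid;
						$acl->read_repository();

						$acl->delete('phpgw_group',$thisacctid,1);
						$acl->add('phpgw_group',$thisacctid,1);

						/* Now add the acl to let them change their password */
						$acl->delete('preferences','changepassword',1);
						$acl->add('preferences','changepassword',1);

						$acl->save_repository();

						/* Add prefs for selected apps here, since they are per-user.
							App access is added below.
						*/
						$pref = CreateObject('phpgwapi.preferences',$tmpid);
						$pref->db = $GLOBALS['egw_setup']->db;
						$pref->account_id = (int)$tmpid;
						$pref->read_repository();
						// NOTE(review): nothing in this script assigns $egw->hooks.
						// The call is skipped when it is absent so the import does
						// not abort halfway with ACLs already written.
						if(isset($egw->hooks) && is_object($egw->hooks))
						{
							foreach($s_apps as $app)
							{
								$egw->hooks->single('add_def_pref',$app);
							}
						}
						$pref->save_repository();
					}
				}
				/* Now give this group some rights */
				$GLOBALS['egw_info']['user']['account_id'] = $thisacctid;
				$acl = CreateObject('phpgwapi.acl');
				$acl->account_id = (int)$thisacctid;
				$acl->read_repository();
				foreach($s_apps as $app)
				{
					$acl->delete($app,'run',1);
					$acl->add($app,'run',1);
				}
				$acl->save_repository();
				// The last imported group becomes the default group id.
				$defaultgroupid = $thisacctid;
			}
		}
		else
		{
			/* Create the 'Default' group */
			$groups = CreateObject('phpgwapi.accounts',$defaultgroupid);

			// Check if the group account is already there.
			// If so, set our group_id to that account's id for use below.
			$acct_exist = $groups->name2id('Default');
			if($acct_exist)
			{
				$defaultgroupid = $acct_exist;
			}
			$id_exist = $groups->exists((int)$defaultgroupid);
			// An existing 'Default' group is deleted and then created again,
			// so a re-run replaces it rather than reusing it.
			if($id_exist)
			{
				$groups->delete($defaultgroupid);
			}
			$thisgroup_info = array(
				'account_type'      => 'g',
				'account_lid'       => 'Default',
				'account_passwd'    => $passwd,
				'account_firstname' => 'Default',
				'account_lastname'  => 'Group',
				'account_status'    => 'A',
				'account_expires'   => -1
			);
			$defaultgroupid = $acct->create($thisgroup_info);

			$acl = CreateObject('phpgwapi.acl',$defaultgroupid);
			$acl->account_id = (int)$defaultgroupid;
			$acl->read_repository();
			foreach($s_apps as $app)
			{
				$acl->delete($app,'run',1);
				$acl->add($app,'run',1);
			}
			$acl->save_repository();
		}	//end default group creation
		$setup_complete = True;
	}
}

$GLOBALS['egw_setup']->html->show_header(lang('LDAP Import'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')');

if($error)
{
	$GLOBALS['egw_setup']->html->show_alert_msg('Error',$error);
}

if($setup_complete)
{
	echo '<br /><center>'.lang('Import has been completed!').' '.lang('Click <a href="index.php">here</a> to return to setup.').'</center>';
	$GLOBALS['egw_setup']->html->show_footer();
	exit;
}

$setup_tpl->set_block('ldap','header','header');
$setup_tpl->set_block('ldap','user_list','user_list');
$setup_tpl->set_block('ldap','admin_list','admin_list');
$setup_tpl->set_block('ldap','group_list','group_list');
$setup_tpl->set_block('ldap','app_list','app_list');
$setup_tpl->set_block('ldap','submit','submit');
$setup_tpl->set_block('ldap','footer','footer');

// Everything printed into the <option> elements below originates from the
// directory or the database, so it is escaped for HTML (quotes included,
// because the values sit inside double-quoted attributes).
// Assumes display_fullname() returns plain, unescaped text -- TODO confirm.
foreach($account_info as $account)
{
	$fullname = htmlspecialchars(
		$common->display_fullname($account['account_lid'],$account['account_firstname'],$account['account_lastname']),
		ENT_QUOTES
	);
	$user_list .= '<option value="' . htmlspecialchars($account['account_id'], ENT_QUOTES) . '">'
		. $fullname
		. '</option>';
	$admin_list .= '<option value="' . htmlspecialchars($account['account_lid'], ENT_QUOTES) . '">'
		. $fullname
		. '</option>';
}

foreach($group_info as $group)
{
	$group_list .= '<option value="' . htmlspecialchars($group['account_id'], ENT_QUOTES) . '">'
		. htmlspecialchars($group['account_lid'], ENT_QUOTES)
		. '</option>';
}

// Applications that are listed but not pre-selected as a default for users.
$not_preselected = array(
	'admin',
	'skel',
	'backup',
	'netsaint',
	'developer_tools',
	'phpsysinfo',
	'eldaptir',
	'qmailldap'
);
foreach($apps as $appname => $apptitle)
{
	// $apptitle comes from lang() and is printed as-is, like the other
	// translated strings on this page.
	$selected = in_array((string)$appname, $not_preselected, True) ? '' : ' selected="selected"';
	$app_list .= '<option value="' . htmlspecialchars($appname, ENT_QUOTES) . '"' . $selected . '>' . $apptitle . '</option>';
}

$setup_tpl->set_var('action_url','ldapimport.php');
$setup_tpl->set_var('users',$user_list);
$setup_tpl->set_var('admins',$admin_list);
$setup_tpl->set_var('ldapgroups',$group_list);
$setup_tpl->set_var('s_apps',$app_list);

$setup_tpl->set_var('ldap_import',lang('LDAP import users'));
$setup_tpl->set_var('description',lang("This section will help you import users and groups from your LDAP tree into eGroupWare's account tables").'.');
$setup_tpl->set_var('select_users',lang('Select which user(s) will be imported'));
$setup_tpl->set_var('select_admins',lang('Select which user(s) will have admin privileges'));
$setup_tpl->set_var('select_groups',lang('Select which group(s) will be imported (group membership will be maintained)'));
$setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.');
$setup_tpl->set_var('note',lang('Note: You will be able to customize this later').'.');
$setup_tpl->set_var('form_submit','import');
$setup_tpl->set_var('cancel',lang('Cancel'));

$setup_tpl->pfp('out','header');
$setup_tpl->pfp('out','user_list');
$setup_tpl->pfp('out','admin_list');
$setup_tpl->pfp('out','group_list');
$setup_tpl->pfp('out','app_list');
$setup_tpl->pfp('out','submit');
$setup_tpl->pfp('out','footer');

$GLOBALS['egw_setup']->html->show_footer();
?>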
Généré le : Sun Feb 25 17:20:01 2007 | par Balluche grâce à PHPXref 0.7 |