Code source de eGroupWare 1.2.106-2 |
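<?php
	/**************************************************************************\
	* eGroupWare - Setup                                                       *
	* http://www.egroupware.org                                                *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/

	/* $Id: ldapmodify.php 22830 2006-11-12 19:14:33Z ralfbecker $ */

	/*
	 Setup page "LDAP Modify".

	 GET  : lists the users and groups found under the configured LDAP contexts
	        and the enabled applications, and renders the selection form.
	 POST : for every selected group/user, adds the phpgwAccount objectclass and
	        the phpgwaccount* attributes to the LDAP entry when they are missing,
	        then writes ACL rows (group membership, application run rights,
	        change-password right and, for chosen users, the admin run right).

	 The page writes to the directory and grants privileges, so it is gated by
	 the setup 'Config' login below.
	 NOTE(review): no anti-CSRF token is checked in this file; whether auth() or
	 functions.inc.php provides one is not visible here -- confirm.
	*/

	$GLOBALS['egw_info'] = array(
		'flags' => array(
			'noheader'   => True,
			'nonavbar'   => True,
			'currentapp' => 'home',
			'noapi'      => True
	));
	include ('./inc/functions.inc.php');

	/* Authorize the user to use setup app and load the database */
	if(!$GLOBALS['egw_setup']->auth('Config'))
	{
		Header('Location: index.php');
		exit;
	}
	/* Does not return unless user is authorized */

	/* Minimal stand-in for the global egw object; the API is not loaded here ('noapi'). */
	class egw
	{
		var $common;
		var $accounts;
		var $applications;
		var $db;
	}

	/**
	 * Escape a value for use inside an LDAP search filter (RFC 4515).
	 *
	 * The backslash is replaced first so the escapes produced for the other
	 * characters are not escaped a second time.
	 *
	 * @param mixed $value raw attribute value
	 * @return string value that can be concatenated into a filter
	 */
	function ldapmodify_filter_escape($value)
	{
		return str_replace(
			array('\\', '*', '(', ')', "\x00"),
			array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
			(string)$value
		);
	}

	/**
	 * Escape a value for HTML text and attribute context.
	 *
	 * The single-byte charset makes htmlspecialchars() escape only the ASCII
	 * meta characters, which is right both for utf8_decode()d names and for
	 * plain identifiers.
	 *
	 * @param mixed $value raw value
	 * @return string HTML-safe value
	 */
	function ldapmodify_html($value)
	{
		return htmlspecialchars((string)$value, ENT_QUOTES, 'ISO-8859-1');
	}

	/**
	 * Add the phpgwAccount objectclass and the default phpgwaccount* attributes
	 * to one LDAP entry when they are missing.
	 *
	 * The entry is looked up again by $attribute=$name under $context. When the
	 * lookup fails or returns no entry with an objectclass list, nothing is
	 * written: replacing objectclass from an empty result would replace the
	 * entry's whole class list with phpgwAccount alone.
	 *
	 * @param resource $ldap         bound LDAP connection
	 * @param string   $context      search base
	 * @param string   $attribute    naming attribute, 'cn' or 'uid'
	 * @param string   $name         value of that attribute, taken from the directory
	 * @param string   $dn           DN of the entry to modify
	 * @param string   $account_type 'g' for groups, 'u' for users
	 */
	function ldapmodify_add_phpgw_schema($ldap,$context,$attribute,$name,$dn,$account_type)
	{
		$sr = ldap_search($ldap,$context,$attribute.'='.ldapmodify_filter_escape($name));
		$entry = $sr ? ldap_get_entries($ldap, $sr) : False;
		if(!is_array($entry) || empty($entry['count']) ||
			!isset($entry[0]['objectclass']) || !is_array($entry[0]['objectclass']))
		{
			return;
		}

		$has_class = False;
		foreach($entry[0]['objectclass'] as $key => $value)
		{
			if($key !== 'count' && strtolower($value) == 'phpgwaccount')
			{
				$has_class = True;
			}
		}
		if(!$has_class)
		{
			$replace = array('objectclass' => $entry[0]['objectclass']);
			unset($replace['objectclass']['count']);
			$replace['objectclass'][] = 'phpgwAccount';
			sort($replace['objectclass']);
			ldap_mod_replace($ldap,$dn,$replace);
		}

		$add = array();
		if(!isset($entry[0]['phpgwaccountstatus']))
		{
			$add['phpgwaccountstatus'][] = 'A';
		}
		if(!isset($entry[0]['phpgwaccounttype']))
		{
			$add['phpgwaccounttype'][] = $account_type;
		}
		if(!isset($entry[0]['phpgwaccountexpires']))
		{
			$add['phpgwaccountexpires'][] = -1;
		}
		if($add)
		{
			ldap_mod_add($ldap,$dn,$add);
		}
	}

	$GLOBALS['egw'] = new egw;
	$GLOBALS['egw']->common = CreateObject('phpgwapi.common');

	$common = $GLOBALS['egw']->common;
	$GLOBALS['egw_setup']->loaddb();
	$GLOBALS['egw']->db = clone($GLOBALS['egw_setup']->db);

	$tpl_root = $GLOBALS['egw_setup']->html->setup_tpl_dir('setup');
	$setup_tpl = CreateObject('setup.Template',$tpl_root);
	$setup_tpl->set_file(array(
		'ldap'        => 'ldap.tpl',
		'T_head'      => 'head.tpl',
		'T_footer'    => 'footer.tpl',
		'T_alert_msg' => 'msg_alert_msg.tpl'
	));

	/*
	 Every working array is initialised before use, so none of them can be
	 undefined or pre-seeded from request data on a register_globals setup.
	*/
	$config       = array();
	$account_info = array();
	$group_info   = array();
	$apps         = array();

	$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
		"config_name LIKE 'ldap%' OR config_name='account_repository'",
	),__LINE__,__FILE__);
	while($GLOBALS['egw_setup']->db->next_record())
	{
		$config[$GLOBALS['egw_setup']->db->f('config_name')] = $GLOBALS['egw_setup']->db->f('config_value');
	}
	foreach(array('ldap_host','ldap_context','ldap_group_context','ldap_root_dn','ldap_root_pw','account_repository','ldap_version3') as $name)
	{
		$GLOBALS['egw_info']['server'][$name] = isset($config[$name]) ? $config[$name] : null;
	}
	$ldap_context       = $GLOBALS['egw_info']['server']['ldap_context'];
	$ldap_group_context = $GLOBALS['egw_info']['server']['ldap_group_context'];

	$GLOBALS['egw']->accounts = CreateObject('phpgwapi.accounts');
	$acct = $GLOBALS['egw']->accounts;

	/* connect to ldap server */
	$ldap = $common->ldapConnect();
	if(!$ldap)
	{
		Header('Location: config.php?error=badldapconnection');
		exit;
	}

	/* All user entries, keyed by uidnumber; a failed search leaves the list empty. */
	$sr = ldap_search($ldap,$ldap_context,'(|(uid=*))',array('cn','givenname','uid','uidnumber'));
	$info = $sr ? ldap_get_entries($ldap, $sr) : False;
	$count = is_array($info) ? $info['count'] : 0;
	for($i=0; $i<$count; $i++)
	{
		if(empty($GLOBALS['egw_info']['server']['global_denied_users'][$info[$i]['uid'][0]]))
		{
			$account_info[$info[$i]['uidnumber'][0]] = $info[$i];
		}
	}

	/* All group entries, keyed by gidnumber, when a group context is configured. */
	if($ldap_group_context)
	{
		$srg = ldap_search($ldap,$ldap_group_context,'(|(cn=*))',array('gidnumber','cn','memberuid'));
		$info = $srg ? ldap_get_entries($ldap, $srg) : False;
		$count = is_array($info) ? $info['count'] : 0;
		for($i=0; $i<$count; $i++)
		{
			$cn = $info[$i]['cn'][0];
			/*
			 NOTE(review): $account_info is keyed by uidnumber, so indexing it with the
			 loop counter $i looks unintended; the test is kept as it was.
			*/
			if(empty($GLOBALS['egw_info']['server']['global_denied_groups'][$cn]) &&
				empty($account_info[$i][$cn]))
			{
				$group_info[$info[$i]['gidnumber'][0]] = $info[$i];
			}
		}
	}

	$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->applications_table,'app_name','app_enabled != 0 AND app_enabled != 3',__LINE__,__FILE__);
	while($GLOBALS['egw_setup']->db->next_record())
	{
		$apps[$GLOBALS['egw_setup']->db->f('app_name')] = lang($GLOBALS['egw_setup']->db->f('app_name'));
	}

	/*
	 $cancel used to arrive only through register_globals. The POST field is read
	 too; this assumes the cancel button in ldap.tpl is named 'cancel' -- confirm.
	*/
	if(!empty($_POST['cancel']) || !empty($cancel))
	{
		Header("Location: ldap.php");
		exit;
	}

	$GLOBALS['egw_setup']->html->show_header(lang('LDAP Modify'),False,'config',$GLOBALS['egw_setup']->ConfigDomain . '(' . $GLOBALS['egw_domain'][$GLOBALS['egw_setup']->ConfigDomain]['db_type'] . ')');
	$setup_complete = False;
	if(isset($_POST['submit']))
	{
		$acl = CreateObject('phpgwapi.acl');

		/* Run rights are granted only for applications listed as enabled above. */
		$selected_apps = array();
		if(isset($_POST['s_apps']) && is_array($_POST['s_apps']))
		{
			foreach($_POST['s_apps'] as $app)
			{
				if(is_string($app) && isset($apps[$app]))
				{
					$selected_apps[] = $app;
				}
			}
		}

		/* Login name (uid) => numeric id (uidnumber), used to resolve memberuid values. */
		$uid_to_id = array();
		foreach($account_info as $entry)
		{
			if(isset($entry['uid'][0]) && isset($entry['uidnumber'][0]))
			{
				$uid_to_id[$entry['uid'][0]] = $entry['uidnumber'][0];
			}
		}

		if(isset($_POST['ldapgroups']))
		{
			$groups = CreateObject('phpgwapi.accounts');
			foreach((array)$_POST['ldapgroups'] as $groupid)
			{
				/* Only ids that were read from the directory are processed. */
				if(!is_scalar($groupid) || !isset($group_info[$groupid]))
				{
					continue;
				}
				$thisacctid  = $group_info[$groupid]['gidnumber'][0];
				$thisacctlid = $group_info[$groupid]['cn'][0];
				/* echo "Updating GROUPID : ".$thisacctlid."<br />\n"; */
				$thismembers = isset($group_info[$groupid]['memberuid']) ? $group_info[$groupid]['memberuid'] : null;
				$thisdn      = $group_info[$groupid]['dn'];

				/* Do some checks before we try to import the data. */
				if(!empty($thisacctid) && !empty($thisacctlid))
				{
					$groups->account_id = (int)$thisacctid;

					ldapmodify_add_phpgw_schema($ldap,$ldap_group_context,'cn',$thisacctlid,$thisdn,'g');

					/* Now make the members a member of this group in phpgw. */
					if(is_array($thismembers))
					{
						foreach($thismembers as $key => $members)
						{
							/* Strict test: with ==, PHP before 8 treats index 0 as equal to 'count' and drops the first member. */
							if($key === 'count')
							{
								continue;
							}
							/* echo '<br />members: ' . $members; */
							/*
							 The directory entries carry 'uid'/'uidnumber'; the former lookup of
							 'account_lid'/'account_id' never matched, so no membership was written.
							*/
							$tmpid = isset($uid_to_id[$members]) ? $uid_to_id[$members] : 0;

							// Insert acls for this group based on memberuid field.
							// Since the group has app rights, we don't need to give users
							// these rights. Instead, we maintain group membership here.
							if($tmpid)
							{
								$acl->account_id = (int)$tmpid;
								$acl->read_repository();

								$acl->delete('phpgw_group',$thisacctid,1);
								$acl->add('phpgw_group',$thisacctid,1);

								// Now add the acl to let them change their password
								$acl->delete('preferences','changepassword',1);
								$acl->add('preferences','changepassword',1);

								$acl->save_repository();
							}
						}
					}
					/* Now give this group some rights */
					$GLOBALS['egw_info']['user']['account_id'] = $thisacctid;
					$acl->account_id = (int)$thisacctid;
					$acl->read_repository();
					foreach($selected_apps as $app)
					{
						$acl->delete($app,'run',1);
						$acl->add($app,'run',1);
					}
					$acl->save_repository();
					$defaultgroupid = $thisacctid;
				}
			}
		}

		if(isset($_POST['users']))
		{
			$accounts = CreateObject('phpgwapi.accounts');
			$admins = (isset($_POST['admins']) && is_array($_POST['admins'])) ? $_POST['admins'] : array();
			foreach((array)$_POST['users'] as $id)
			{
				/* Only ids that were read from the directory are processed. */
				if(!is_scalar($id) || !isset($account_info[$id]))
				{
					continue;
				}
				$thisacctid  = $account_info[$id]['uidnumber'][0];
				$thisacctlid = $account_info[$id]['uid'][0];
				/* echo "Updating USERID : ".$thisacctlid."<br />\n"; */
				$thisdn      = $account_info[$id]['dn'];

				/* Do some checks before we try to import the data. */
				if(!empty($thisacctid) && !empty($thisacctlid))
				{
					$accounts->account_id = (int)$thisacctid;

					ldapmodify_add_phpgw_schema($ldap,$ldap_context,'uid',$thisacctlid,$thisdn,'u');

					/*
					 Insert default acls for this user.
					 Since the group has app rights, we don't need to give users
					 these rights.
					*/
					$acl->account_id = (int)$thisacctid;
					$acl->read_repository();

					/*
					 However, if no groups were imported, we do need to give each user
					 apps access
					*/
					if(empty($_POST['ldapgroups']))
					{
						foreach($selected_apps as $app)
						{
							$acl->delete($app,'run',1);
							$acl->add($app,'run',1);
						}
					}
					// Now add the acl to let them change their password
					$acl->delete('preferences','changepassword',1);
					$acl->add('preferences','changepassword',1);

					/*
					 Only give them admin if we asked for them to have it.
					 This is typically an exception to apps for run rights
					 as a group member.
					 The former loop ran to count() inclusive and read one element past
					 the end of the list; the ids are now compared as strings.
					*/
					$is_admin = False;
					foreach($admins as $admin_id)
					{
						if(is_scalar($admin_id) && (string)$admin_id === (string)$thisacctid)
						{
							$is_admin = True;
						}
					}
					if($is_admin)
					{
						$acl->delete('admin','run',1);
						$acl->add('admin','run',1);
					}
					/* Save these new acls. */
					$acl->save_repository();
				}
			}
		}
		$setup_complete = True;
	}

	if(isset($_GET['error']) && is_string($_GET['error']))
	{
		/* echo '<br /><center><b>Error:</b> '.$error.'</center>'; */
		/*
		 The message comes straight from the query string. show_alert_msg() is not
		 visible here, so the value is escaped at the call site to keep it inert
		 in the page whether or not the helper escapes as well.
		*/
		$GLOBALS['egw_setup']->html->show_alert_msg('Error',ldapmodify_html($_GET['error']));
	}

	if($setup_complete)
	{
		echo '<br /><center>'.lang('Modifications have been completed!').' '.lang('Click <a href="index.php">here</a> to return to setup.').'<br /></center>';
		$GLOBALS['egw_setup']->html->show_footer();
		exit;
	}

	$setup_tpl->set_block('ldap','header','header');
	$setup_tpl->set_block('ldap','user_list','user_list');
	$setup_tpl->set_block('ldap','admin_list','admin_list');
	$setup_tpl->set_block('ldap','group_list','group_list');
	$setup_tpl->set_block('ldap','app_list','app_list');
	$setup_tpl->set_block('ldap','submit','submit');
	$setup_tpl->set_block('ldap','footer','footer');

	/*
	 Names and ids below come from the directory; they are HTML-escaped so an
	 entry containing markup cannot inject it into the setup page.
	*/
	$user_list = '';
	foreach($account_info as $account)
	{
		$user_list .= '<option value="' . ldapmodify_html($account['uidnumber'][0]) . '">'
			. ldapmodify_html(utf8_decode($account['cn'][0]))
			. ' (' . ldapmodify_html($account['uid'][0]) . ')</option>';
	}

	/* The admin selector offers the same accounts as the user selector. */
	$admin_list = $user_list;

	$group_list = '';
	foreach($group_info as $group)
	{
		$group_list .= '<option value="' . ldapmodify_html($group['gidnumber'][0]) . '">'
			. ldapmodify_html(utf8_decode($group['cn'][0])) . '</option>';
	}

	/* Applications that are listed but not pre-selected as a default run right. */
	$not_preselected = array(
		'admin','skel','backup','netsaint','developer_tools','phpsysinfo','eldaptir','qmailldap'
	);
	$app_list = '';
	foreach($apps as $appname => $apptitle)
	{
		$selected = in_array((string)$appname,$not_preselected,True) ? '' : ' selected';
		/* $apptitle is lang() output and is emitted as before; presumably plain text -- confirm. */
		$app_list .= '<option value="' . ldapmodify_html($appname) . '"' . $selected . '>' . $apptitle . '</option>';
	}

	$setup_tpl->set_var('action_url','ldapmodify.php');
	$setup_tpl->set_var('users',$user_list);
	$setup_tpl->set_var('admins',$admin_list);
	$setup_tpl->set_var('ldapgroups',$group_list);
	$setup_tpl->set_var('s_apps',$app_list);

	$setup_tpl->set_var('ldap_import',lang('LDAP Modify'));
	$setup_tpl->set_var('description',lang("This section will help you setup your LDAP accounts for use with eGroupWare").'.');
	$setup_tpl->set_var('select_users',lang('Select which user(s) will be modified'));
	$setup_tpl->set_var('select_admins',lang('Select which user(s) will also have admin privileges'));
	$setup_tpl->set_var('select_groups',lang('Select which group(s) will be modified (group membership will be maintained)'));
	$setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.');
	$setup_tpl->set_var('form_submit',lang('Modify'));
	$setup_tpl->set_var('cancel',lang('Cancel'));

	$setup_tpl->pfp('out','header');
	$setup_tpl->pfp('out','user_list');
	$setup_tpl->pfp('out','admin_list');
	$setup_tpl->pfp('out','group_list');
	$setup_tpl->pfp('out','app_list');
	$setup_tpl->pfp('out','submit');
	$setup_tpl->pfp('out','footer');

	$GLOBALS['egw_setup']->html->show_footer();
?>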