Context Navigation

ldapmodify.php @ 3664

Revision 3664, 14.0 KB checked in by rodsouza, 13 years ago (diff)
Ticket #707 - Tratando usuarios de base LDAP existente.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Rev	Line
[2]	1	<?php
	2	/**************************************************************************\
	3	* eGroupWare - Setup *
	4	* http://www.egroupware.org *
	5	* -------------------------------------------- *
	6	* This program is free software; you can redistribute it and/or modify it *
	7	* under the terms of the GNU General Public License as published by the *
	8	* Free Software Foundation; either version 2 of the License, or (at your *
	9	* option) any later version. *
	10	\**************************************************************************/
	11
	12
	13	$phpgw_info = array();
	14	$phpgw_info["flags"] = array(
	15	'noheader' => True,
	16	'nonavbar' => True,
	17	'currentapp' => 'home',
	18	'noapi' => True
	19	);
	20	include('./inc/functions.inc.php');
	21
	22	/* Authorize the user to use setup app and load the database */
	23	if(!$GLOBALS['phpgw_setup']->auth('Config'))
	24	{
	25	Header('Location: index.php');
	26	exit;
	27	}
	28	/* Does not return unless user is authorized */
	29
	30	class phpgw
	31	{
	32	var $common;
	33	var $accounts;
	34	var $applications;
	35	var $db;
	36	}
	37	$phpgw = new phpgw;
	38	$phpgw->common = CreateObject('phpgwapi.common');
	39
	40	$common = $phpgw->common;
	41	$GLOBALS['phpgw_setup']->loaddb();
	42	copyobj($GLOBALS['phpgw_setup']->db,$phpgw->db);
	43
	44	$tpl_root = $GLOBALS['phpgw_setup']->html->setup_tpl_dir('setup');
	45	$setup_tpl = CreateObject('setup.Template',$tpl_root);
	46	$setup_tpl->set_file(array(
	47	'ldap' => 'ldap.tpl',
	48	'T_head' => 'head.tpl',
	49	'T_footer' => 'footer.tpl',
	50	'T_alert_msg' => 'msg_alert_msg.tpl'
	51	));
	52
[3607]	53	$GLOBALS[ 'phpgw_setup' ] -> db -> query(
	54	"SELECT config_name, config_value FROM phpgw_config"
	55	." WHERE config_app = 'phpgwapi' and config_name LIKE 'ldap%' OR config_name='account_repository'",
	56	__LINE__, __FILE__
	57	);
[328]	58
[3607]	59	while ( $GLOBALS[ 'phpgw_setup' ] -> db -> next_record( ) )
	60	$config[ $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'config_name' ) ] = $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'config_value' );
	61
[2]	62	$phpgw_info['server']['ldap_host'] = $config['ldap_host'];
	63	$phpgw_info['server']['ldap_context'] = $config['ldap_context'];
	64	$phpgw_info['server']['ldap_group_context'] = $config['ldap_group_context'];
	65	$phpgw_info['server']['ldap_root_dn'] = $config['ldap_root_dn'];
	66	$phpgw_info['server']['ldap_root_pw'] = $config['ldap_root_pw'];
	67	$phpgw_info['server']['account_repository'] = $config['account_repository'];
	68	$phpgw_info['server']['ldap_version3'] = $config['ldap_version3'];
	69
	70	$phpgw->accounts = CreateObject('phpgwapi.accounts');
	71	$acct = $phpgw->accounts;
	72
[3607]	73	// connect to ldap server
	74	if ( ! $ldap = $common -> ldapConnect( ) )
[2]	75	{
[3607]	76	Header( 'Location: config.php?error=badldapconnection' );
[2]	77	exit;
	78	}
	79
	80	// Take the users from LDAP.
[3607]	81	$sr = ldap_search( $ldap, $config[ 'ldap_context' ], '(objectClass=posixAccount)', array( 'cn', 'givenname', 'uid', 'uidnumber', 'objectClass' ) );
	82	$info = ldap_get_entries( $ldap, $sr );
[2]	83	$tmp = '';
	84
[3607]	85	$account_info = array( );
	86	for ( $i = 0; $i < $info[ 'count' ]; $i++ )
	87	if ( ! array_key_exists( $info[ $i ][ 'uid' ][ 0 ], $phpgw_info[ 'server' ][ 'global_denied_users' ] ) )
	88	$account_info[ $info[ $i ][ 'dn' ] ] = $info[ $i ];
[2]	89
[3607]	90	$group_info = array( );
	91	if ( array_key_exists( 'ldap_group_context', $phpgw_info[ 'server' ] ) && count( $phpgw_info['server']['global_denied_groups'] ) )
[2]	92	{
[3664]	93	$sr = ldap_search( $ldap, $config[ 'ldap_group_context' ], '(objectClass=posixGroup)',
	94	array( 'gidnumber', 'cn', 'memberuid', 'objectclass', 'phpgwaccountstatus', 'phpgwaccounttype', 'phpgwaccountexpires' )
	95	);
[3607]	96	$info = ldap_get_entries( $ldap, $sr );
[2]	97	$tmp = '';
	98
[3607]	99	for ( $i = 0; $i < $info[ 'count' ]; $i++ )
	100	if ( ! array_key_exists( $info[ $i ][ 'cn' ][ 0 ], $phpgw_info[ 'server' ][ 'global_denied_groups' ] ) )
	101	$group_info[ $info[ $i ][ 'dn' ] ] = $info[ $i ];
[2]	102	}
	103
[3607]	104	$GLOBALS[ 'phpgw_setup' ] -> db -> query(
	105	"SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name",
	106	__LINE__, __FILE__
	107	);
[2]	108
[3607]	109	while( $GLOBALS[ 'phpgw_setup' ] -> db -> next_record( ) )
	110	$apps[ $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'app_name' ) ] = lang( $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'app_name' ) );
	111
	112	if ( $cancel )
[2]	113	{
[3607]	114	Header( 'Location: ldap.php' );
[2]	115	exit;
	116	}
	117
[3607]	118	$GLOBALS[ 'phpgw_setup' ] -> html -> show_header(
	119	lang('LDAP Modify'),
	120	false,
	121	'config',
	122	"{$GLOBALS[ 'phpgw_setup' ] -> ConfigDomain} ( {$phpgw_domain[ $GLOBALS[ 'phpgw_setup' ] -> ConfigDomain ][ 'db_type' ]} )"
	123	);
	124
	125	if ( array_key_exists( 'submit', $_POST ) )
[2]	126	{
	127	$acl = CreateObject('phpgwapi.acl');
[3607]	128	copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $acl -> db );
	129
	130	if ( array_key_exists( 'ldapgroups', $_POST ) && is_array( $_POST[ 'ldapgroups' ] ) )
[2]	131	{
[3607]	132	$groups = CreateObject( 'phpgwapi.accounts' );
	133	copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $groups -> db );
	134
	135	foreach ( $_POST[ 'ldapgroups' ] as $groupid )
[2]	136	{
[3607]	137	if ( ! array_key_exists( $groupid, $group_info ) )
	138	{
	139	echo "Has occurred some problem in the group : {$groupid}<br>\n";
	140	continue;
	141	}
[2]	142
[3607]	143	$entry = array( );
	144
	145	$thisacctid = $group_info[ $groupid ][ 'gidnumber' ][ 0 ];
	146	$thisacctlid = $group_info[ $groupid ][ 'cn' ][ 0 ];
	147	$thisfirstname = $group_info[ $groupid ][ 'cn' ][ 0 ];
	148	$thismembers = $group_info[ $groupid ][ 'memberuid' ];
	149	$thisdn = $group_info[ $groupid ][ 'dn' ];
	150
	151	echo "Updating GROUPID : {$thisacctlid} ({$groupid})<br>\n";
	152
	153	// Do some checks before we try to import the data.
	154	if ( ! empty( $thisacctid ) && ! empty( $thisacctlid ) )
[2]	155	{
[3607]	156	$groups->account_id = ( int ) $thisacctid;
[2]	157
[3664]	158	reset( $group_info[ $groupid ][ 'objectclass' ] );
[2]	159
[3607]	160	$add = array( );
	161
[3664]	162	if ( ! in_array( 'phpgwAccount', $group_info[ $groupid ][ 'objectclass' ] ) )
[3607]	163	$add[ 'objectclass'] = array( 'phpgwAccount' );
	164
[3664]	165	if ( ! array_key_exists( 'phpgwaccountstatus', $group_info[ $groupid ] ) )
[3607]	166	$add[ 'phpgwaccountstatus'] = array( 'A' );
	167
[3664]	168	if ( ! array_key_exists( 'phpgwaccounttype', $group_info[ $groupid ] ) )
[3607]	169	$add[ 'phpgwaccounttype' ] = array( 'g' );
	170
[3664]	171	if ( ! array_key_exists( 'phpgwaccountexpires', $group_info[ $groupid ] ) )
[3607]	172	$add[ 'phpgwaccountexpires' ] = array( -1 );
	173
[3664]	174	if ( count( $add ) )
	175	ldap_mod_add( $ldap, $thisdn, $add );
[3607]	176
	177	// Now make the members a member of this group in phpgw.
	178	if ( is_array( $thismembers ) )
[2]	179	{
[3607]	180	if ( array_key_exists( 'count', $thismembers ) )
	181	unset( $thismembers[ 'count' ] );
	182
	183	foreach ( $thismembers as $key => $members )
[2]	184	{
[3607]	185	echo "members: {$members}<br>\n";
[2]	186
[3607]	187	$tmpid = NULL;
	188	foreach ( $account_info as $info )
	189	if ( $members == $info[ 'uid' ][ 0 ] )
[2]	190	{
[3607]	191	$tmpid = $info[ 'uidnumber' ][ 0 ];
	192	break;
[2]	193	}
[3607]	194
[2]	195	// Insert acls for this group based on memberuid field.
	196	// Since the group has app rights, we don't need to give users
[3607]	197	// these rights. Instead, we maintain group membership here.
	198	if ( $tmpid )
[2]	199	{
[3607]	200	echo "inserindo user_id: {$tmpid} em {$thisacctid}<br>\n";
	201
	202	$acl -> account_id = ( int ) $tmpid;
	203	$acl -> read_repository( );
[3664]	204
[3607]	205	$acl -> delete( 'phpgw_group', $thisacctid, 1 );
	206	$acl -> add( 'phpgw_group', $thisacctid, 1 );
[3664]	207
[2]	208	// Now add the acl to let them change their password
[3607]	209	$acl -> delete( 'preferences', 'changepassword', 1 );
	210	$acl -> add( 'preferences', 'changepassword', 1 );
[3664]	211
[3607]	212	$acl -> save_repository( );
[2]	213	}
	214	}
	215	}
[3607]	216
	217	// Now give this group some rights
	218	$phpgw_info[ 'user' ][ 'account_id' ] = $thisacctid;
	219
	220	$acl -> account_id = ( int ) $thisacctid;
	221	$acl -> read_repository( );
	222
	223	foreach ( $_POST[ 's_apps' ] as $app )
[2]	224	{
[3607]	225	$acl -> delete( $app, 'run', 1 );
	226	$acl -> add( $app, 'run', 1 );
[2]	227	}
[3607]	228
	229	$acl -> save_repository();
[2]	230	$defaultgroupid = $thisacctid;
	231	}
[3607]	232	echo "----------------------------------------------<br>\n";
[2]	233	}
	234	}
	235
[3664]	236	if ( ( array_key_exists( 'users', $_POST ) && is_array( $_POST[ 'users' ] ) ) \|\| ( array_key_exists( 'admins', $_POST ) && is_array( $_POST[ 'admins' ] ) ) )
[2]	237	{
[3607]	238	$accounts = CreateObject( 'phpgwapi.accounts' );
	239	copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $accounts -> db );
	240
[2]	241	$users_process = 0;
	242	$new_uidnumber = 12011;
[3607]	243
	244	//error_log( print_r( $_POST[ 'users' ], true ), 3, '/tmp/log' );
	245	//error_log( print_r( $config, true ), 3, '/tmp/log' );
	246
[3664]	247	foreach ( array( 'admins', 'users' ) as $type )
	248	if ( array_key_exists( $type, $_POST ) )
[2]	249	{
[3664]	250	if ( $type == 'admins' )
	251	{
	252	// give admin access to all apps, to save us some support requests
	253	$all_apps = array();
	254	$GLOBALS[ 'phpgw_setup' ] -> db -> query( 'SELECT app_name FROM phpgw_applications ORDER BY app_name' );
	255	while ( $GLOBALS[ 'phpgw_setup' ] -> db -> next_record( ) )
	256	$all_apps[ ] = $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'app_name' );
	257	}
[2]	258
[3664]	259	foreach ( $_POST[ $type ] as $user_id )
	260	{
	261	$id_exist = 0;
	262	$thisacctid = $account_info[ $user_id ][ 'uidnumber' ][ 0 ];
	263	$thisacctlid = $account_info[ $user_id ][ 'uid' ][ 0 ];
	264	$thisdn = $account_info[ $user_id ][ 'dn'];
[3607]	265
[3664]	266	echo "{$thisdn}<br>\nUpdating ({$type}) USERID : {$thisacctlid}<br>\n";
[3607]	267
[3664]	268	// Do some checks before we try to import the data.
	269	if ( !empty($thisacctid) && !empty($thisacctlid))
	270	{
	271	$users_process++;
[3607]	272
[3664]	273	$add = array( );
	274	$objectClass = array( );
[3607]	275
[3664]	276	if ( ! in_array( 'qmailUser', $account_info[ $user_id ][ 'objectclass' ] ) )
	277	$objectclass[ ] = 'qmailUser';
[3607]	278
[3664]	279	if ( ! in_array( 'phpgwAccount', $account_info[ $user_id ][ 'objectclass' ] ) )
	280	{
	281	$objectclass[ ] = 'phpgwAccount';
	282	$add[ 'phpgwAccountExpires' ] = array( '-1' );
	283	$add[ 'phpgwAccountStatus' ] = array( 'A' );
	284	$add[ 'phpgwAccountType' ] = array( 'u' );
	285	$add[ 'phpgwLastPasswdChange' ] = array( '1290632486' );
	286	}
[3607]	287
[3664]	288	if ( count( $objectclass ) )
	289	$add[ 'objectclass' ] = $objectclass;
[3607]	290
[3664]	291	if ( count( $add ) )
	292	ldap_mod_add( $ldap, $thisdn, $add );
[3607]	293
[3664]	294	$accounts -> account_id = ( int ) $thisacctid;
[3607]	295
[3664]	296	// Insert default acls for this user.
	297	$acl -> account_id = ( int ) $thisacctid;
	298	$acl -> read_repository( );
[2]	299
[3664]	300	// Now add the acl to let them change their password
	301	$acl -> delete( 'preferences', 'changepassword', 1 );
	302	$acl -> add( 'preferences', 'changepassword', 1 );
[2]	303
[3664]	304	// Add user to a default group, previous created
	305	//$acl -> add( 'phpgw_group', '12007', 1 );
[3607]	306
[3664]	307	echo "Adding in ACL BD: {$thisacctid}<br><br>\n";
	308
	309	// Save these new acls.
	310	$acl -> save_repository( );
	311
	312	$new_uidnumber++;
	313	}
	314
	315	if ( $type == 'admins' )
	316	{
	317	$GLOBALS[ 'phpgw_setup' ] -> add_acl(array( 'admin', 'expressoAdmin1_2' ), 'run', ( int ) $thisacctid );
	318	$GLOBALS[ 'phpgw_setup' ] -> db -> query( "INSERT INTO phpgw_expressoadmin VALUES ( '{$thisacctlid}', '{$config[ 'ldap_context' ]}', 2199023253495 )" );
	319	foreach ( $all_apps as $app )
	320	$GLOBALS[ 'phpgw_setup' ] -> db -> query( "INSERT INTO phpgw_expressoadmin_apps VALUES ( '{$thisacctlid}', '{$config[ 'ldap_context' ]}', '{$app}' )" );
	321	}
	322	}
[2]	323	}
	324	}
	325
[3607]	326	printf( "<br><center>%s %s<br></center>",
	327	lang( 'Modifications have been completed!' ),
	328	lang( 'Click <a href="index.php">here</a> to return to setup.' )
	329	);
[2]	330
[3607]	331	$GLOBALS['phpgw_setup' ] -> html -> show_footer( );
[2]	332	exit;
	333	}
	334
[3607]	335	if ( array_key_exists( 'error', $_GET ) )
	336	$GLOBALS[ 'phpgw_setup' ] -> html -> show_alert_msg( 'Error', $_GET[ 'error' ] );
	337
[2]	338	$setup_tpl->set_block('ldap','header','header');
	339	$setup_tpl->set_block('ldap','user_list','user_list');
	340	$setup_tpl->set_block('ldap','admin_list','admin_list');
	341	$setup_tpl->set_block('ldap','group_list','group_list');
	342	$setup_tpl->set_block('ldap','app_list','app_list');
	343	$setup_tpl->set_block('ldap','submit','submit');
	344	$setup_tpl->set_block('ldap','footer','footer');
	345
[3607]	346	$user_list = array( );
	347	while ( list( $key, $account ) = each( $account_info ) )
	348	$user_list[ ] = '<option value="' . $account[ 'dn' ] . '">' . utf8_decode( $account[ 'cn' ][ 0 ] ) . " ({$account[ 'uid' ][ 0 ]})</option>";
[2]	349
[3607]	350	$user_list = $admin_list = implode( '', $user_list );
[2]	351
	352	$group_list = '';
[3607]	353	while( list( $key, $group ) = each( $group_info ) )
	354	$group_list .= '<option value="' . $group[ 'dn' ] . '">' . utf8_decode( $group[ 'cn' ][ 0 ] ) . '</option>';
[2]	355
	356	$app_list = '';
	357	while(list($appname,$apptitle) = each($apps))
	358	{
	359	if($appname == 'admin' \|\|
	360	$appname == 'skel' \|\|
	361	$appname == 'backup' \|\|
	362	$appname == 'netsaint' \|\|
	363	$appname == 'developer_tools' \|\|
	364	$appname == 'phpsysinfo' \|\|
	365	$appname == 'eldaptir' \|\|
	366	$appname == 'qmailldap')
	367	{
	368	$app_list .= '<option value="' . $appname . '">' . $apptitle . '</option>';
	369	}
	370	else
	371	{
	372	$app_list .= '<option value="' . $appname . '" selected>' . $apptitle . '</option>';
	373	}
	374	}
	375
[3582]	376	$setup_tpl->set_var('action_url','ldapmodify.php');
[2]	377	$setup_tpl->set_var('users',$user_list);
	378	$setup_tpl->set_var('admins',$admin_list);
	379	$setup_tpl->set_var('ldapgroups',$group_list);
	380	$setup_tpl->set_var('s_apps',$app_list);
	381
	382	$setup_tpl->set_var('ldap_import',lang('LDAP Modify'));
	383	$setup_tpl->set_var('description',lang("This section will help you setup your LDAP accounts for use with eGroupWare").'.');
	384	$setup_tpl->set_var('select_users',lang('Select which user(s) will be modified'));
	385	$setup_tpl->set_var('select_admins',lang('Select which user(s) will also have admin privileges'));
	386	$setup_tpl->set_var('select_groups',lang('Select which group(s) will be modified (group membership will be maintained)'));
	387	$setup_tpl->set_var('select_apps',lang('Select the default applications to which your users will have access').'.');
[3582]	388	$setup_tpl->set_var('form_submit',lang('Modify'));
[2]	389	$setup_tpl->set_var('cancel',lang('Cancel'));
	390
	391	$setup_tpl->pfp('out','header');
	392	$setup_tpl->pfp('out','user_list');
	393	$setup_tpl->pfp('out','admin_list');
	394	$setup_tpl->pfp('out','group_list');
	395	$setup_tpl->pfp('out','app_list');
	396	$setup_tpl->pfp('out','submit');
	397	$setup_tpl->pfp('out','footer');
	398
	399	$GLOBALS['phpgw_setup']->html->show_footer();
	400	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/2.2/setup/ldapmodify.php @ 3664

Download in other formats: