Changeset 3607
- Timestamp:
- 12/20/10 09:00:33 (13 years ago)
- File:
-
- 1 edited
branches/2.2/setup/ldapmodify.php
r3584 r3607 51 51 )); 52 52 53 $GLOBALS['phpgw_setup']->db->query("SELECT config_name,config_value FROM phpgw_config WHERE config_app = 'phpgwapi' and config_name LIKE 'ldap%' OR config_name='account_repository'",__LINE__,__FILE__); 54 while($GLOBALS['phpgw_setup']->db->next_record()) 55 { 56 $config[$GLOBALS['phpgw_setup']->db->f('config_name')] = $GLOBALS['phpgw_setup']->db->f('config_value'); 57 } 53 $GLOBALS[ 'phpgw_setup' ] -> db -> query( 54 "SELECT config_name, config_value FROM phpgw_config" 55 ." WHERE config_app = 'phpgwapi' and config_name LIKE 'ldap%' OR config_name='account_repository'", 56 __LINE__, __FILE__ 57 ); 58 59 while ( $GLOBALS[ 'phpgw_setup' ] -> db -> next_record( ) ) 60 $config[ $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'config_name' ) ] = $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'config_value' ); 58 61 59 62 $phpgw_info['server']['ldap_host'] = $config['ldap_host']; … … 68 71 $acct = $phpgw->accounts; 69 72 70 /* connect to ldap server */ 71 if(!$ldap = $common->ldapConnect()) 72 { 73 $noldapconnection = True; 74 } 75 76 if($noldapconnection) 77 { 78 Header('Location: config.php?error=badldapconnection'); 73 // connect to ldap server 74 if ( ! $ldap = $common -> ldapConnect( ) ) 75 { 76 Header( 'Location: config.php?error=badldapconnection' ); 79 77 exit; 80 78 } 81 79 82 80 // Take the users from LDAP. 83 $sr = ldap_search( $ldap,$config['ldap_context'],'(cn=*)',array('cn','givenname','uid','uidnumber'));84 $info = ldap_get_entries( $ldap, $sr);81 $sr = ldap_search( $ldap, $config[ 'ldap_context' ], '(objectClass=posixAccount)', array( 'cn', 'givenname', 'uid', 'uidnumber', 'objectClass' ) ); 82 $info = ldap_get_entries( $ldap, $sr ); 85 83 $tmp = ''; 86 84 87 for($i=0; $i<$info['count']; $i++) 88 { 89 if(!$phpgw_info['server']['global_denied_users'][$info[$i]['uid'][0]]) 85 $account_info = array( ); 86 for ( $i = 0; $i < $info[ 'count' ]; $i++ ) 87 if ( ! 
array_key_exists( $info[ $i ][ 'uid' ][ 0 ], $phpgw_info[ 'server' ][ 'global_denied_users' ] ) ) 88 $account_info[ $info[ $i ][ 'dn' ] ] = $info[ $i ]; 89 90 $group_info = array( ); 91 if ( array_key_exists( 'ldap_group_context', $phpgw_info[ 'server' ] ) && count( $phpgw_info['server']['global_denied_groups'] ) ) 92 { 93 $sr = ldap_search( $ldap, $config[ 'ldap_group_context' ], '(objectClass=posixGroup)', array( 'gidnumber', 'cn', 'memberuid' ) ); 94 $info = ldap_get_entries( $ldap, $sr ); 95 $tmp = ''; 96 97 for ( $i = 0; $i < $info[ 'count' ]; $i++ ) 98 if ( ! array_key_exists( $info[ $i ][ 'cn' ][ 0 ], $phpgw_info[ 'server' ][ 'global_denied_groups' ] ) ) 99 $group_info[ $info[ $i ][ 'dn' ] ] = $info[ $i ]; 100 } 101 102 $GLOBALS[ 'phpgw_setup' ] -> db -> query( 103 "SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name", 104 __LINE__, __FILE__ 105 ); 106 107 while( $GLOBALS[ 'phpgw_setup' ] -> db -> next_record( ) ) 108 $apps[ $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'app_name' ) ] = lang( $GLOBALS[ 'phpgw_setup' ] -> db -> f( 'app_name' ) ); 109 110 if ( $cancel ) 111 { 112 Header( 'Location: ldap.php' ); 113 exit; 114 } 115 116 $GLOBALS[ 'phpgw_setup' ] -> html -> show_header( 117 lang('LDAP Modify'), 118 false, 119 'config', 120 "{$GLOBALS[ 'phpgw_setup' ] -> ConfigDomain} ( {$phpgw_domain[ $GLOBALS[ 'phpgw_setup' ] -> ConfigDomain ][ 'db_type' ]} )" 121 ); 122 123 //error_log( print_r( $config, true ), 3, '/tmp/log' ); 124 //error_log( print_r( $group_info, true ), 3, '/tmp/log' ); 125 126 if ( array_key_exists( 'submit', $_POST ) ) 127 { 128 $acl = CreateObject('phpgwapi.acl'); 129 copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $acl -> db ); 130 131 if ( array_key_exists( 'ldapgroups', $_POST ) && is_array( $_POST[ 'ldapgroups' ] ) ) 90 132 { 91 $account_info[$info[$i]['uidnumber'][0]] = $info[$i]; 92 } 93 } 94 95 if($phpgw_info['server']['ldap_group_context']) 96 { 97 $srg = 
ldap_search($ldap,$config['ldap_group_context'],'(&(cn=*)(objectClass=posixGroup))',array('gidnumber','cn','memberuid')); 98 $info = ldap_get_entries($ldap, $srg); 99 $tmp = ''; 100 101 for($i=0; $i<$info['count']; $i++) 102 { 103 if(!$phpgw_info['server']['global_denied_groups'][$info[$i]['cn'][0]] && 104 !$account_info[$i][$info[$i]['cn'][0]]) 133 $groups = CreateObject( 'phpgwapi.accounts' ); 134 copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $groups -> db ); 135 136 //error_log( print_r( $_POST[ 'ldapgroups' ], true ), 3, '/tmp/log' ); 137 138 foreach ( $_POST[ 'ldapgroups' ] as $groupid ) 105 139 { 106 $group_info[$info[$i]['gidnumber'][0]] = $info[$i]; 107 } 108 } 109 } 110 else 111 { 112 $group_info = array(); 113 } 114 115 $GLOBALS['phpgw_setup']->db->query("SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name",__LINE__,__FILE__); 116 while($GLOBALS['phpgw_setup']->db->next_record()) 117 { 118 $apps[$GLOBALS['phpgw_setup']->db->f('app_name')] = lang($GLOBALS['phpgw_setup']->db->f('app_name')); 119 } 120 121 if($cancel) 122 { 123 Header("Location: ldap.php"); 124 exit; 125 } 126 127 $GLOBALS['phpgw_setup']->html->show_header(lang('LDAP Modify'),False,'config',$GLOBALS['phpgw_setup']->ConfigDomain . '(' . $phpgw_domain[$GLOBALS['phpgw_setup']->ConfigDomain]['db_type'] . 
')'); 128 $setup_complete = False; 129 if(isset($_POST['submit'])) 130 { 131 $acl = CreateObject('phpgwapi.acl'); 132 copyobj($GLOBALS['phpgw_setup']->db,$acl->db); 133 if(isset($_POST['ldapgroups'])) 134 { 135 $groups = CreateObject('phpgwapi.accounts'); 136 copyobj($GLOBALS['phpgw_setup']->db,$groups->db); 137 while(list($key,$groupid) = each($_POST['ldapgroups'])) 138 { 139 $id_exist = 0; 140 $entry = array(); 141 $thisacctid = $group_info[$groupid]['gidnumber'][0]; 142 $thisacctlid = $group_info[$groupid]['cn'][0]; 143 /* echo "Updating GROUPID : ".$thisacctlid."<br>\n"; */ 144 $thisfirstname = $group_info[$groupid]['cn'][0]; 145 $thismembers = $group_info[$groupid]['memberuid']; 146 $thisdn = $group_info[$groupid]['dn']; 147 148 /* Do some checks before we try to import the data. */ 149 if(!empty($thisacctid) && !empty($thisacctlid)) 140 if ( ! array_key_exists( $groupid, $group_info ) ) 150 141 { 151 $groups->account_id = (int)$thisacctid; 152 153 $sr = ldap_search($ldap,$config['ldap_group_context'],'cn='.$thisacctlid); 154 $entry = ldap_get_entries($ldap, $sr); 155 156 reset($entry[0]['objectclass']); 157 $addclass = True; 158 while(list($key,$value) = each($entry[0]['objectclass'])) 142 echo "Has occurred some problem in the group : {$groupid}<br>\n"; 143 continue; 144 } 145 146 $entry = array( ); 147 148 $thisacctid = $group_info[ $groupid ][ 'gidnumber' ][ 0 ]; 149 $thisacctlid = $group_info[ $groupid ][ 'cn' ][ 0 ]; 150 $thisfirstname = $group_info[ $groupid ][ 'cn' ][ 0 ]; 151 $thismembers = $group_info[ $groupid ][ 'memberuid' ]; 152 $thisdn = $group_info[ $groupid ][ 'dn' ]; 153 154 echo "Updating GROUPID : {$thisacctlid} ({$groupid})<br>\n"; 155 156 // Do some checks before we try to import the data. 157 if ( ! empty( $thisacctid ) && ! empty( $thisacctlid ) ) 158 { 159 $groups->account_id = ( int ) $thisacctid; 160 161 $sr = ldap_search( $ldap, $config[ 'ldap_group_context' ], 'cn=' . 
$thisacctlid ); 162 $entry = ldap_get_entries( $ldap, $sr ); 163 164 // error_log( print_r( $entry, true ), 3, '/tmp/log' ); 165 166 reset( $entry[ 0 ][ 'objectclass' ] ); 167 168 $add = array( ); 169 170 if ( ! in_array( 'phpgwAccount', $entry[ 0 ][ 'objectclass' ] ) ) 171 $add[ 'objectclass'] = array( 'phpgwAccount' ); 172 173 if ( ! array_key_exists( 'phpgwaccountstatus', $entry[ 0 ] ) ) 174 $add[ 'phpgwaccountstatus'] = array( 'A' ); 175 176 if ( ! array_key_exists( 'phpgwaccounttype', $entry[ 0 ] ) ) 177 $add[ 'phpgwaccounttype' ] = array( 'g' ); 178 179 if ( ! array_key_exists( 'phpgwaccountexpires', $entry[ 0 ] ) ) 180 $add[ 'phpgwaccountexpires' ] = array( -1 ); 181 182 // error_log( print_r( $add, true ), 3, '/tmp/log' ); 183 184 //if ( count( $add ) ) 185 // ldap_mod_add( $ldap, $thisdn, $add ); 186 187 // Now make the members a member of this group in phpgw. 188 if ( is_array( $thismembers ) ) 159 189 { 160 if(strtolower($value) == 'phpgwaccount') 190 if ( array_key_exists( 'count', $thismembers ) ) 191 unset( $thismembers[ 'count' ] ); 192 193 // error_log( print_r( $thismembers, true ), 3, '/tmp/log' ); 194 // error_log( print_r( $account_info, true ), 3, '/tmp/log' ); 195 196 foreach ( $thismembers as $key => $members ) 161 197 { 162 $addclass = False; 163 } 164 } 165 if($addclass) 166 { 167 reset($entry[0]['objectclass']); 168 $replace['objectclass'] = $entry[0]['objectclass']; 169 unset($replace['objectclass']['count']); 170 $replace['objectclass'][] = 'phpgwAccount'; 171 sort($replace['objectclass']); 172 ldap_mod_replace($ldap,$thisdn,$replace); 173 unset($replace); 174 unset($addclass); 175 } 176 unset($add); 177 if(!@isset($entry[0]['phpgwaccountstatus'])) 178 { 179 $add['phpgwaccountstatus'][] = 'A'; 180 } 181 if(!@isset($entry[0]['phpgwaccounttype'])) 182 { 183 $add['phpgwaccounttype'][] = 'g'; 184 } 185 if(!@isset($entry[0]['phpgwaccountexpires'])) 186 { 187 $add['phpgwaccountexpires'][] = -1; 188 } 189 if(@isset($add)) 190 { 191 
ldap_mod_add($ldap,$thisdn,$add); 192 } 193 194 /* Now make the members a member of this group in phpgw. */ 195 if(is_array($thismembers)) 196 { 197 foreach($thismembers as $key => $members) 198 { 199 if($key == 'count') 200 { 201 continue; 202 } 203 echo '<br>members: ' . $members; 204 $tmpid = 0; 205 @reset($account_info); 206 while(list($x,$y) = each($account_info)) 207 { 208 //echo '<br>checking: '.$y['uid'][0]; 209 if($members == $y['uid'][0]) 198 echo "members: {$members}<br>\n"; 199 200 $tmpid = NULL; 201 foreach ( $account_info as $info ) 202 if ( $members == $info[ 'uid' ][ 0 ] ) 210 203 { 211 $tmpid = $y['uidnumber'][0]; 204 $tmpid = $info[ 'uidnumber' ][ 0 ]; 205 break; 212 206 } 213 } 207 214 208 // Insert acls for this group based on memberuid field. 215 209 // Since the group has app rights, we don't need to give users 216 // these rights.Instead, we maintain group membership here.217 if ($tmpid)210 // these rights. Instead, we maintain group membership here. 211 if ( $tmpid ) 218 212 { 219 echo '<br>inserindo user_id: ' . $tmpid . ' em ' . 
$thisacctid; 220 $acl->account_id = (int)$tmpid; 221 $acl->read_repository(); 213 echo "inserindo user_id: {$tmpid} em {$thisacctid}<br>\n"; 214 215 $acl -> account_id = ( int ) $tmpid; 216 $acl -> read_repository( ); 222 217 223 $acl ->delete('phpgw_group',$thisacctid,1);224 $acl ->add('phpgw_group',$thisacctid,1);218 $acl -> delete( 'phpgw_group', $thisacctid, 1 ); 219 $acl -> add( 'phpgw_group', $thisacctid, 1 ); 225 220 226 221 // Now add the acl to let them change their password 227 $acl ->delete('preferences','changepassword',1);228 $acl ->add('preferences','changepassword',1);222 $acl -> delete( 'preferences', 'changepassword', 1 ); 223 $acl -> add( 'preferences', 'changepassword', 1 ); 229 224 230 $acl ->save_repository();225 $acl -> save_repository( ); 231 226 } 232 227 } 233 228 } 234 /* Now give this group some rights */ 235 $phpgw_info['user']['account_id'] = $thisacctid; 236 $acl->account_id = (int)$thisacctid; 237 $acl->read_repository(); 238 @reset($_POST['s_apps']); 239 while(list($key,$app) = @each($_POST['s_apps'])) 229 230 // Now give this group some rights 231 $phpgw_info[ 'user' ][ 'account_id' ] = $thisacctid; 232 233 $acl -> account_id = ( int ) $thisacctid; 234 $acl -> read_repository( ); 235 236 foreach ( $_POST[ 's_apps' ] as $app ) 240 237 { 241 $acl ->delete($app,'run',1);242 $acl ->add($app,'run',1);238 $acl -> delete( $app, 'run', 1 ); 239 $acl -> add( $app, 'run', 1 ); 243 240 } 244 $acl->save_repository(); 241 242 $acl -> save_repository(); 245 243 $defaultgroupid = $thisacctid; 246 244 } 245 echo "----------------------------------------------<br>\n"; 247 246 } 248 247 } 249 248 250 if (isset($_POST['users']))249 if ( array_key_exists( 'users', $_POST ) && is_array( $_POST[ 'users' ] ) ) 251 250 { 252 $accounts = CreateObject('phpgwapi.accounts'); 253 copyobj($GLOBALS['phpgw_setup']->db,$accounts->db); 251 $accounts = CreateObject( 'phpgwapi.accounts' ); 252 copyobj( $GLOBALS[ 'phpgw_setup' ] -> db, $accounts -> db ); 253 254 254 
$users_process = 0; 255 255 $new_uidnumber = 12011; 256 while(list($key,$id) = each($_POST['users'])) 256 257 //error_log( print_r( $_POST[ 'users' ], true ), 3, '/tmp/log' ); 258 //error_log( print_r( $config, true ), 3, '/tmp/log' ); 259 260 foreach ( $_POST[ 'users' ] as $user_id ) 257 261 { 258 262 $id_exist = 0; 259 $thisacctid = $account_info[ $id]['uidnumber'][0];260 $thisacctlid = $account_info[ $id]['uid'][0];261 $thisdn = $account_info[ $id]['dn'];262 echo $thisdn . "<BR>\n"; 263 echo " Updating USERID : ".$thisacctlid."<br>\n";263 $thisacctid = $account_info[ $user_id ][ 'uidnumber' ][ 0 ]; 264 $thisacctlid = $account_info[ $user_id ][ 'uid' ][ 0 ]; 265 $thisdn = $account_info[ $user_id ][ 'dn']; 266 267 echo "{$thisdn}<br>\nUpdating USERID : {$thisacctlid}<br>\n"; 264 268 265 / * Do some checks before we try to import the data. */266 if (!empty($thisacctid) && !empty($thisacctlid))269 // Do some checks before we try to import the data. 270 if ( !empty($thisacctid) && !empty($thisacctlid)) 267 271 { 268 272 $users_process++; 269 273 270 $accounts->account_id = (int)$thisacctid; 274 //$res = ldap_search( $ldap, $config[ 'ldap_group_context' ], 'uid=' . $thisacctlid, array( 'uid', 'objectClass' ) ); 275 //$entry = ldap_get_entries( $ldap, $res ); 276 277 //error_log( print_r( $entry, true ), 3, '/tmp/log' ); 278 279 //for ( $entry = ldap_first_entry( $ldap, $res ); $entry !== false, $arr = ldap_get_attributes( $ldap, $entry ); $entry = ldap_next_entry( $ldap, $entry ) ) 280 //{ 281 // error_log( print_r( $arr, true ), 3, '/tmp/log' ); 282 //} 283 //error_log( "---------------------------------------------------\n", 3, '/tmp/log' ); 284 285 //error_log( print_r( $account_info[ $user_id ], true ), 3, '/tmp/log' ); 286 //error_log( "---------------------------------------------------\n", 3, '/tmp/log' ); 287 288 $add = array( ); 289 $objectClass = array( ); 290 291 if ( ! 
in_array( 'qmailUser', $account_info[ $user_id ][ 'objectclass' ] ) ) 292 $objectclass[ ] = 'qmailUser'; 293 294 if ( ! in_array( 'phpgwAccount', $account_info[ $user_id ][ 'objectclass' ] ) ) 295 { 296 $objectclass[ ] = 'phpgwAccount'; 297 $add[ 'phpgwAccountExpires' ] = array( '-1' ); 298 $add[ 'phpgwAccountStatus' ] = array( 'A' ); 299 $add[ 'phpgwAccountType' ] = array( 'u' ); 300 $add[ 'phpgwLastPasswdChange' ] = array( '1290632486' ); 301 } 302 303 if ( count( $objectclass ) ) 304 $add[ 'objectclass' ] = $objectclass; 305 306 if ( count( $add ) ) 307 ldap_mod_add( $ldap, $thisdn, $add ); 308 309 $accounts -> account_id = ( int ) $thisacctid; 271 310 272 / * Insert default acls for this user. */273 $acl ->account_id = (int)$thisacctid;274 $acl ->read_repository();311 // Insert default acls for this user. 312 $acl -> account_id = ( int ) $thisacctid; 313 $acl -> read_repository( ); 275 314 276 315 // Now add the acl to let them change their password 277 $acl ->delete('preferences','changepassword',1);278 $acl ->add('preferences','changepassword',1);316 $acl -> delete( 'preferences', 'changepassword', 1 ); 317 $acl -> add( 'preferences', 'changepassword', 1 ); 279 318 280 319 // Add user to a default group, previous created 281 $acl->add('phpgw_group','12007',1); 282 283 echo "Adding in ACL BD: ".$thisacctid."<br><br>\n"; 284 /* Save these new acls. */ 285 $acl->save_repository(); 320 $acl -> add( 'phpgw_group', '12007', 1 ); 321 322 echo "Adding in ACL BD: {$thisacctid}<br><br>\n"; 323 324 // Save these new acls. 325 $acl -> save_repository( ); 286 326 287 327 $new_uidnumber++; … … 289 329 } 290 330 } 291 $setup_complete = True; 292 } 293 294 if(isset($_GET['error'])) 295 { 296 /* echo '<br><center><b>Error:</b> '.$error.'</center>'; */ 297 $GLOBALS['phpgw_setup']->html->show_alert_msg('Error',$_GET['error']); 298 } 299 300 if($setup_complete) 301 { 302 echo '<br><center>'.lang('Modifications have been completed!').' 
'.lang('Click <a href="index.php">here</a> to return to setup.').'<br><center>'; 303 $GLOBALS['phpgw_setup']->html->show_footer(); 331 332 printf( "<br><center>%s %s<br></center>", 333 lang( 'Modifications have been completed!' ), 334 lang( 'Click <a href="index.php">here</a> to return to setup.' ) 335 ); 336 337 $GLOBALS['phpgw_setup' ] -> html -> show_footer( ); 304 338 exit; 305 339 } 340 341 if ( array_key_exists( 'error', $_GET ) ) 342 $GLOBALS[ 'phpgw_setup' ] -> html -> show_alert_msg( 'Error', $_GET[ 'error' ] ); 306 343 307 344 $setup_tpl->set_block('ldap','header','header'); … … 313 350 $setup_tpl->set_block('ldap','footer','footer'); 314 351 315 $user_list = ''; 316 while(list($key,$account) = @each($account_info)) 317 { 318 $user_list .= '<option value="' . $account['uidnumber'][0] . '">' . utf8_decode($account['cn'][0]) . ' (' . $account['uid'][0] . ')</option>'; 319 } 320 321 $admin_list = ''; 322 @reset($account_info); 323 while (list($key,$account) = @each($account_info)) 324 { 325 $admin_list .= '<option value="' . $account['uidnumber'][0] . '">' . utf8_decode($account['cn'][0]) . ' (' . $account['uid'][0] . ')</option>'; 326 } 352 $user_list = array( ); 353 while ( list( $key, $account ) = each( $account_info ) ) 354 $user_list[ ] = '<option value="' . $account[ 'dn' ] . '">' . utf8_decode( $account[ 'cn' ][ 0 ] ) . " ({$account[ 'uid' ][ 0 ]})</option>"; 355 356 $user_list = $admin_list = implode( '', $user_list ); 327 357 328 358 $group_list = ''; 329 while(list($key,$group) = @each($group_info)) 330 { 331 $group_list .= '<option value="' . $group['gidnumber'][0] . '">' . utf8_decode($group['cn'][0]) . '</option>'; 332 } 359 while( list( $key, $group ) = each( $group_info ) ) 360 $group_list .= '<option value="' . $group[ 'dn' ] . '">' . utf8_decode( $group[ 'cn' ][ 0 ] ) . '</option>'; 333 361 334 362 $app_list = '';
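Review bot: In the user import loop the accumulator is initialised as `$objectClass = array( );` but every later read and write uses `$objectclass`; PHP variable names are case-sensitive, so the list is never reset between users. Object classes collected for one account therefore carry over into the `ldap_mod_add()` call for the next one, and `count( $objectclass )` runs on an undefined variable when the first user already has both classes. Initialise the name that is actually used, `$objectclass = array( );`, and check the return value of `ldap_mod_add()` before the ACL rows are written. Separately, `{$groupid}` from `$_POST[ 'ldapgroups' ]` in the new "Has occurred some problem" message and the `$account[ 'dn' ]` / `$group[ 'dn' ]` option values are emitted into HTML without `htmlspecialchars()`. The loop's closing lines fall in an elided part of the changeset, so the rest of its body is not visible here.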