Example #1
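 /**
  * Synchronize Mahara's groups with groups defined on an LDAP server.
  *
  * Group names are collected from the distinct values of a user attribute,
  * from LDAP group objects, or from both, depending on the instance config.
  * Each name that passes the include/exclude filter is matched to a Mahara
  * group by shortname within this instance's institution, created if
  * autocreation is on and the group has LDAP members, and then handed to
  * group_update_members() together with the resolved member list.
  *
  * Security notes for operators:
  *  - The global $USER is switched to user id 1 and is not switched back in
  *    this function, so it is meant to run from cron/CLI, not a web request.
  *  - When auth_ldap_debug_sync_cron is set, the instance configuration and
  *    the member lists are var_dump()ed; treat that output as sensitive.
  *
  * @param boolean $dryrun dummy execution. Do not perform any database operations
  * @return boolean always true, including when sync is disabled or not configured
  */
 function sync_groups($dryrun = false)
 {
     global $USER;
     log_info('---------- started groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');
     if (!$this->get_config('syncgroupscron')) {
         log_info('Not set to sync groups, so exiting');
         return true;
     }
     // We need to tell the session that we are the admin user, so that we have permission to manipulate groups.
     // NOTE(review): nothing below restores the previous user, so every later
     // action in this process also runs with user id 1's privileges.
     $USER->reanimate(1, 1);
     $syncbyattribute = $this->get_config('syncgroupsbyuserfield') && $this->get_config('syncgroupsgroupattribute');
     $syncbyclass = $this->get_config('syncgroupsbyclass') && $this->get_config('syncgroupsgroupclass') && $this->get_config('syncgroupsgroupattribute') && $this->get_config('syncgroupsmemberattribute');
     $excludelist = $this->get_config('syncgroupsexcludelist');
     $includelist = $this->get_config('syncgroupsincludelist');
     $searchsub = $this->get_config('syncgroupssearchsub');
     $grouptype = $this->get_config('syncgroupsgrouptype');
     $docreate = $this->get_config('syncgroupsautocreate');
     // If neither one is set, return
     if (!$syncbyattribute && !$syncbyclass) {
         log_info('not set to sync by user attribute or by group objects, so exiting');
         return true;
     }
     // The debug switch does not change during the run, so read it once.
     $debug = get_config('auth_ldap_debug_sync_cron');
     if ($debug) {
         log_debug("exclusion list : ");
         var_dump($excludelist);
         log_debug("inclusion list : ");
         var_dump($includelist);
     }
     // fetch userids of current members of that institution, keyed by username.
     // Only these users can end up in a synced group; LDAP users without a
     // matching Mahara account in the institution are ignored further down.
     if ($this->institution == 'mahara') {
         $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u where u.deleted=0 and not exists (select 1 from {usr_institution} ui where ui.usr=u.id)', array());
     } else {
         // The institution name is passed as a bound parameter, not concatenated.
         $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u inner join {usr_institution} ui on u.id=ui.usr where u.deleted=0 and ui.institution=?', array($this->institution));
     }
     if ($debug) {
         // NOTE(review): assumes $currentmembers is countable; verify what
         // get_records_sql_assoc() returns when no rows match.
         log_debug("current members : " . count($currentmembers));
         var_dump($currentmembers);
         // NOTE(review): this dumps the whole instance configuration. If it
         // contains LDAP bind credentials they are written to the cron output;
         // confirm and redact before enabling the debug switch in production.
         log_debug("config. LDAP : ");
         var_dump($this->get_config());
     }
     $groups = array();
     if ($syncbyattribute) {
         // get the distinct values of the used attribute by a LDAP search
         // that may be restricted by flags -c or -o
         $groups = array_merge($groups, $this->get_attribute_distinct_values($searchsub));
     }
     if ($syncbyclass) {
         $groups = array_merge($groups, $this->ldap_get_grouplist('*', $searchsub));
     }
     if ($debug) {
         log_debug("Found LDAP groups  : ");
         var_dump($groups);
     }
     $nbadded = 0;
     foreach ($groups as $group) {
         log_debug("Processing group '{$group}'");
         // The include/exclude lists are the only check on which directory
         // group names are allowed to create or modify Mahara groups.
         if (!ldap_sync_filter_name($group, $includelist, $excludelist)) {
             continue;
         }
         if ($debug) {
             log_debug("processing group  : ");
             var_dump($group);
         }
         $ldapusers = array();
         if ($syncbyattribute) {
             $ldapusers = array_merge($ldapusers, $this->get_users_having_attribute_value($group));
         }
         if ($syncbyclass) {
             $ldapusers = array_merge($ldapusers, $this->ldap_get_group_members($group));
         }
         // test whether this group exists within the institution
         // group.shortname is limited to 255 characters. Unlikely anyone will hit this, but why not?
         // Note that substr() counts bytes, so a multibyte name may be cut mid-character.
         $shortname = substr($group, 0, 255);
         if (!($dbgroup = get_record('group', 'shortname', $shortname, 'institution', $this->institution))) {
             if (!$docreate) {
                 log_debug('autocreation is off so skipping Mahara not existing group ' . $group);
                 continue;
             }
             if (count($ldapusers) == 0) {
                 log_debug('will not autocreate an empty Mahara group ' . $group);
                 continue;
             }
             try {
                 log_info('creating group ' . $group);
                 // Make sure the name is unique (across all institutions)
                 // group.name only allows 128 characters. In the event of
                 // really long group names, we'll arbitrarily truncate them
                 $basename = $this->institution . ' : ' . $group;
                 $name = substr($basename, 0, 128);
                 $n = 0;
                 while (record_exists('group', 'name', $name)) {
                     $n++;
                     $tail = " {$n}";
                     // Rebuild the candidate from the base name on every pass.
                     // Appending to $name instead would grow it past the
                     // 128-byte limit after the first collision.
                     $name = substr($basename, 0, 128 - strlen($tail)) . $tail;
                 }
                 $dbgroup = array();
                 $dbgroup['name'] = $name;
                 $dbgroup['institution'] = $this->institution;
                 $dbgroup['shortname'] = $shortname;
                 $dbgroup['grouptype'] = $grouptype;
                 // default standard (change to course)
                 $dbgroup['controlled'] = 1;
                 // Counted in dry-run mode as well, so the counter reflects
                 // what a real run would create.
                 $nbadded++;
                 if (!$dryrun) {
                     $groupid = group_create($dbgroup);
                 }
             } catch (Exception $ex) {
                 // A failed creation is logged and the group skipped; the
                 // remaining groups are still processed.
                 log_warn($ex->getMessage());
                 continue;
             }
         } else {
             $groupid = $dbgroup->id;
             log_debug('group exists ' . $group);
         }
         // now it does  exist see what members should be added/removed
         if ($debug) {
             log_debug($group . ' : ');
             var_dump($ldapusers);
         }
         // Puts the site's "admin" user into the group as a group admin.
         // Must be set, otherwise fatal error group_update_members: no group admins listed for group.
         // The user id 1 is hard-coded here, so that account becomes admin of every synced group.
         $members = array('1' => 'admin');
         foreach ($ldapusers as $username) {
             if (isset($currentmembers[$username])) {
                 $id = $currentmembers[$username]->id;
                 $members[$id] = 'member';
             }
         }
         if ($debug) {
             log_debug('new members list : ' . count($members));
             var_dump($members);
         }
         // try to save memory before memory consuming call to API
         unset($ldapusers);
         // $members is the complete desired list; the result reports removals,
         // so presumably existing members missing from it are dropped — confirm
         // against group_update_members() before pointing this at a live site.
         $result = $dryrun ? false : group_update_members($groupid, $members);
         if ($result) {
             log_info(" ->   added : {$result['added']} removed : {$result['removed']} updated : {$result['updated']}");
         } else {
             log_debug('->  no change for ' . $group);
         }
         unset($members);
     }
     log_info('---------- finished groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');
     return true;
 }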
 // Override the instance's 'search_sub' setting only when a value was supplied;
 // a strict false leaves the configured value untouched.
 if ($searchsub !== false) {
     $instance->set_config('search_sub', $searchsub ? 'yes' : 'no');
 }
 // NOTE(review): this prints the instance's full configuration. If that holds
 // LDAP bind credentials they end up in the CLI output — confirm and redact
 // before enabling the debug flag on a production host.
 if ($CFG->debug_ldap_groupes) {
     moodle_print_object("config. LDAP : ", $instance->get_config());
 }
 // get the distinct values of the used attribute by a LDAP search
 // that may be restricted by flags -c or -o
 $groups = $instance->get_attribute_distinct_values();
 if ($CFG->debug_ldap_groupes) {
     moodle_print_object("distinct values found for {$attributename} ", $groups);
 }
 // Counter initialised before the per-group loop; presumably the number of
 // groups created — verify against the rest of the script.
 $nbadded = 0;
 foreach ($groups as $group) {
     // skip if in excludelist or not in the includelist
     if (!ldap_sync_filter_name($group, $includelist, $excludelist)) {
         continue;
     }
     if ($CFG->debug_ldap_groupes) {
         moodle_print_object("processing group  : ", $group);
     }
     // test whether this group exists within the institution
     if (!($dbgroup = get_record('group', 'shortname', $group, 'institution', $institutionname))) {
         if ($nocreate) {
             $cli->cli_print('autocreation is off so skipping Mahara not existing group ' . $group);
             continue;
         }
         $ldapusers = $instance->get_users_having_attribute_value($group);
         if (count($ldapusers) == 0) {
             $cli->cli_print('will not autocreate an empty Mahara group ' . $group);
             continue;