Example #1
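 /**
  * Constructor.
  *
  * Loads the instance data through the parent constructor, then layers the
  * LDAP group-synchronisation settings read from $CFG on top, falling back to
  * a default for every setting that is not configured.
  *
  * @param $instanceid  identifier forwarded unchanged to the parent constructor
  */
 public function __construct($instanceid)
 {
     global $CFG;
     // fetch all instances data
     parent::__construct($instanceid);
     // TODO must be in some setting screen. Currently in config.php
     $this->config['group_attribute'] = !empty($CFG->ldap_group_attribute) ? $CFG->ldap_group_attribute : 'cn';
     $this->config['group_class'] = strtolower(!empty($CFG->ldap_group_class) ? $CFG->ldap_group_class : 'groupOfUniqueNames');
     // the PHP LDAP layer returns attribute names such as uniqueMember as
     // lowercase array keys, so the configured name is lowercased to match
     $this->config['memberattribute'] = strtolower(!empty($CFG->ldap_member_attribute) ? $CFG->ldap_member_attribute : 'uniquemember');
     // empty() treats an explicit 0/false as "not configured", which made it
     // impossible to switch this flag off; only fall back to the default (1)
     // when the setting is really absent or blank.
     $isdn_configured = isset($CFG->ldap_member_attribute_isdn) && $CFG->ldap_member_attribute_isdn !== '';
     $this->config['memberattribute_isdn'] = $isdn_configured ? $CFG->ldap_member_attribute_isdn : 1;
     // new setting
     $this->config['process_nested_groups'] = !empty($CFG->ldap_process_nested_groups) ? $CFG->ldap_process_nested_groups : false;
     // cache for found groups dn, used for nested groups processing
     $this->config['groups_dn_cache'] = array();
     $this->anti_recursion_array = array();
     // restricted list of values to use when synchronising groups with some LDAP attribute;
     // the comma-separated setting is split as-is (entries are not trimmed)
     if (!empty($CFG->group_synching_ldap_attribute_values)) {
         $this->config['group_synching_ldap_attribute_values'] = explode(',', $CFG->group_synching_ldap_attribute_values);
     } else {
         $this->config['group_synching_ldap_attribute_values'] = array();
     }
 }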
Example #2
 /**
  * Print the "LDAP directory link" section of a group into the PDF.
  *
  * Nothing is written unless the current session may read the configuration
  * and LDAP authentication is in use.
  *
  * @param $pdf   PluginPdfSimplePDF object receiving the output
  * @param $item  Group object whose ldap_* fields are printed
  **/
 static function pdfLdapForm(PluginPdfSimplePDF $pdf, Group $item)
 {
     // Guard clause: the LDAP link is configuration data, so it is gated on the "config" read right.
     if (!Session::haveRight("config", "r") || !AuthLdap::useAuthLdap()) {
         return;
     }
     $pdf->setColumnsSize(100);
     $pdf->displayTitle(__('LDAP directory link'));
     // translated label => group field holding the value, in display order
     $lines = array(
         __('User attribute containing its groups') => 'ldap_field',
         __('Attribute value')                      => 'ldap_value',
         __('Group DN')                             => 'ldap_group_dn',
     );
     foreach ($lines as $label => $fieldname) {
         // the closing </b> travels with the label so only "label:" is bold
         $text = sprintf(__('%1$s: %2$s'), $label . '</b>', $item->getField($fieldname));
         $pdf->displayText('<b>' . $text);
     }
     $pdf->displaySpace();
 }
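 /**
  * Build the LDAP search filter for the user import / synchronisation search.
  *
  * With the simple interface and at least one criteria stored in
  * $_SESSION['ldap_import'], one "(attribute=*value*)" term is emitted per
  * non-empty criteria; a leading '^' or trailing '$' in the value anchors the
  * match by dropping the wildcard on that side. Otherwise every entry having
  * the login attribute is matched. Time restrictions, the entity filter and the
  * condition configured on the directory are then combined with "&".
  *
  * Criteria values are typed by the operator, so the characters that alter the
  * structure of a filter are hex-escaped before concatenation.
  *
  * @param $authldap  AuthLDAP object
  *
  * @return string  the complete filter
  **/
 private static function buildLdapFilter(AuthLdap $authldap)
 {
     // Characters that can close or open a filter term, mapped to their escaped
     // form. '*' is deliberately not escaped so a wildcard typed inside a value
     // keeps working; it can widen a match but cannot change the filter structure.
     $structural = array('\\' => '\\5c', '(' => '\\28', ')' => '\\29', "\0" => '\\00');
     $filter = '';
     if (!empty($_SESSION['ldap_import']['criterias']) && $_SESSION['ldap_import']['interface'] == self::SIMPLE_INTERFACE) {
         foreach ($_SESSION['ldap_import']['criterias'] as $criteria => $value) {
             // arrays and other non-scalars cannot be a search value
             if (!is_scalar($value) || $value == '') {
                 continue;
             }
             // a criteria without a configured LDAP attribute would yield "(=...)",
             // which is not a valid filter term
             if (empty($authldap->fields[$criteria])) {
                 continue;
             }
             $value = (string) $value;
             $length = strlen($value);
             $begin = $value[0] == '^' ? 1 : 0;
             $end = $value[$length - 1] == '$' ? 1 : 0;
             if ($begin || $end) {
                 // no Toolbox::substr, to be consistent with strlen result
                 $value = substr($value, $begin, $length - $end - $begin);
             }
             // neutralise filter metacharacters only after the anchors were stripped
             $value = strtr((string) $value, $structural);
             $filter .= '(' . $authldap->fields[$criteria] . '=' . ($begin ? '' : '*') . $value . ($end ? '' : '*') . ')';
         }
     } else {
         $filter = "(" . $authldap->getField("login_field") . "=*)";
     }
     // If time restriction
     $begin_date = !empty($_SESSION['ldap_import']['begin_date']) ? $_SESSION['ldap_import']['begin_date'] : NULL;
     $end_date = !empty($_SESSION['ldap_import']['end_date']) ? $_SESSION['ldap_import']['end_date'] : NULL;
     $filter .= self::addTimestampRestrictions($begin_date, $end_date);
     $ldap_condition = $authldap->getField('condition');
     // Add entity filter and filter filled in directory's configuration form.
     // NOTE(review): both are concatenated verbatim; they are presumably
     // administrator-defined filter fragments - confirm neither can be set by the searching user.
     return "(&" . (isset($_SESSION['ldap_import']['entity_filter']) ? $_SESSION['ldap_import']['entity_filter'] : '') . " {$filter} {$ldap_condition})";
 }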
Example #4
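 /**
  * Is an external authentication used ?
  *
  * True as soon as one external source is available: an LDAP directory, a
  * mail server, an x509 e-mail field, an SSO variable or a CAS host.
  *
  * @return boolean
  **/
 static function useAuthExt()
 {
     // Without this declaration $CFG_GLPI is an undefined local variable and the
     // x509 / SSO / CAS checks below can never succeed.
     global $CFG_GLPI;
     // Get all the ldap directories
     if (AuthLdap::useAuthLdap()) {
         return true;
     }
     if (AuthMail::useAuthMail()) {
         return true;
     }
     if (!empty($CFG_GLPI["x509_email_field"])) {
         return true;
     }
     // Existing auth method
     if (!empty($CFG_GLPI["ssovariables_id"])) {
         return true;
     }
     // Using CAS server
     if (!empty($CFG_GLPI["cas_host"])) {
         return true;
     }
     return false;
 }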
Example #5
 /**
  * Tell whether an LDAP directory can be used for the given entity.
  *
  * The answer is yes when the entity record loads and carries an
  * authldaps_id greater than 0, or when AuthLdap reports a default directory.
  *
  * @since version 0.84 (before in entitydata.class)
  *
  * @param $entities_id  identifier of the entity to look up
  *
  * @return boolean
  **/
 static function isEntityDirectoryConfigured($entities_id)
 {
     $candidate = new self();
     $has_own_directory = $candidate->getFromDB($entities_id)
                          && $candidate->getField('authldaps_id') > 0;
     if ($has_own_directory) {
         return true;
     }
     // Otherwise fall back on a directory marked as default, if there is one
     return AuthLdap::getDefault() ? true : false;
 }
Example #6
 /**
  * Print the form linking this group to LDAP attributes.
  *
  * The three LDAP inputs are only rendered when the session may update groups,
  * holds the UPDATEAUTHENT right on users and LDAP authentication is in use;
  * the form buttons are printed in every case.
  *
  * @param $ID  identifier handed to initForm()
  **/
 function showLDAPForm($ID)
 {
     $form_options = array();
     $this->initForm($ID, $form_options);
     echo "<form name='groupldap_form' id='groupldap_form' method='post' action='" . $this->getFormURL() . "'>"
          . "<div class='spaced'><table class='tab_cadre_fixe'>";
     $may_edit_link = Group::canUpdate()
                      && Session::haveRight("user", User::UPDATEAUTHENT)
                      && AuthLdap::useAuthLdap();
     if ($may_edit_link) {
         $row_open = "<tr class='tab_bg_1'>";
         // section "In users": attribute name and expected value
         echo $row_open . "<th colspan='2' class='center'>" . __('In users') . "</th></tr>";
         echo $row_open . "<td>" . __('Attribute of the user containing its groups') . "</td><td>";
         Html::autocompletionTextField($this, "ldap_field");
         echo "</td></tr>" . $row_open . "<td>" . __('Attribute value') . "</td><td>";
         Html::autocompletionTextField($this, "ldap_value");
         // section "In groups": DN of the group entry
         echo "</td></tr>" . $row_open . "<th colspan='2' class='center'>" . __('In groups') . "</th></tr>";
         echo $row_open . "<td>" . __('Group DN') . "</td><td>";
         Html::autocompletionTextField($this, "ldap_group_dn");
         echo "</td></tr>";
     }
     $button_options = array('colspan' => 1, 'candel' => false);
     $this->showFormButtons($button_options);
 }
        }
        if (!isset($_SESSION["ldap_server"])) {
            if (isset($_POST["ldap_server"])) {
                $_SESSION["ldap_server"] = $_POST["ldap_server"];
            } else {
                Html::redirect($CFG_GLPI["root_doc"] . "/front/ldap.php");
            }
        }
        if (!AuthLdap::testLDAPConnection($_SESSION["ldap_server"])) {
            unset($_SESSION["ldap_server"]);
            echo "<div class='center b'>" . __('Unable to connect to the LDAP directory') . "<br>";
            echo "<a href='" . $_SERVER['PHP_SELF'] . "?next=listservers'>" . __('Back') . "</a></div>";
        } else {
            if (!isset($_SESSION["ldap_group_filter"])) {
                $_SESSION["ldap_group_filter"] = '';
            }
            if (!isset($_SESSION["ldap_group_filter2"])) {
                $_SESSION["ldap_group_filter2"] = '';
            }
            if (isset($_GET["order"])) {
                $_SESSION["ldap_sortorder"] = $_GET["order"];
            }
            if (!isset($_SESSION["ldap_sortorder"])) {
                $_SESSION["ldap_sortorder"] = "ASC";
            }
            AuthLdap::displayLdapFilter($_SERVER['PHP_SELF'], false);
            AuthLdap::showLdapGroups($_SERVER['PHP_SELF'], $_GET['start'], 0, $_SESSION["ldap_group_filter"], $_SESSION["ldap_group_filter2"], $_SESSION["glpiactive_entity"], $_SESSION["ldap_sortorder"]);
        }
    }
}
Html::footer();
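 /**
  * Search every configured directory for users matching $query.
  *
  * The configuration holds parallel lists (base DNs, servers, short domains,
  * bind DNs, bind passwords); entry N of each list describes directory N.
  * Directories that cannot be reached are skipped, so the result may be partial.
  *
  * @param $query  search text handed to AuthLdap::getUsers()
  *
  * @return array  merged user rows keyed username/first/last/full/email/phone/dn
  */
 function search($query)
 {
     // The lists do not change while looping, so split them once.
     $config = $this->getConfig();
     $base_dns = preg_split('/\\n/', $config->get('basedn'));
     $servers = preg_split('/\\s+/', $config->get('servers'));
     $short_domains = preg_split('/;|,/', $config->get('shortdomain'));
     $bind_dns = preg_split('/\\n/', $config->get('bind_dn'));
     // NOTE(review): a bind password containing ';' or ',' is cut in two by this
     // split and shifts every following entry.
     $bind_pws = preg_split('/;|,/', $config->get('bind_pw'));

     $ldapinfo = array();
     foreach ($base_dns as $i => $dn) {
         // A list shorter than the base DN list yields '' instead of an
         // undefined-offset notice. An empty bind DN/password presumably ends up
         // as an anonymous bind attempt in AuthLdap - confirm that this is acceptable.
         $ldapinfo[] = array(
             'dn'      => trim($dn),
             'sd'      => isset($short_domains[$i]) ? trim($short_domains[$i]) : '',
             'servers' => isset($servers[$i]) ? trim($servers[$i]) : '',
             'bind_dn' => isset($bind_dns[$i]) ? trim($bind_dns[$i]) : '',
             'bind_pw' => isset($bind_pws[$i]) ? trim($bind_pws[$i]) : '',
         );
     }

     $combined_userlist = array();
     // Connection failures are collected here but not returned to the caller.
     $conninfo = array();
     $attributes = array('sAMAccountName', 'sn', 'givenName', 'displayName', 'mail', 'telephoneNumber', 'distinguishedName');
     foreach ($ldapinfo as $data) {
         $ldap = new AuthLdap();
         $ldap->serverType = 'ActiveDirectory';
         $ldap->server = preg_split('/;|,/', $data['servers']);
         $ldap->dn = $data['dn'];
         $ldap->searchUser = $data['bind_dn'];
         $ldap->searchPassword = $data['bind_pw'];
         if ($ldap->connect()) {
             // {q} is presumably replaced by $query inside getUsers();
             // NOTE(review): confirm that getUsers() escapes LDAP filter metacharacters in $query.
             $filter = "(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))";
             if ($userlist = $ldap->getUsers($query, $attributes, $filter)) {
                 $temp_userlist = $this->multi_re_key($userlist, array('sAMAccountName', 'givenName', 'sn', 'displayName', 'mail', 'telephoneNumber', 'distinguishedName'), array('username', 'first', 'last', 'full', 'email', 'phone', 'dn'));
                 $combined_userlist = array_merge($combined_userlist, $temp_userlist);
             }
         } else {
             $conninfo[] = array(false, $data['sd'] . " error: " . $ldap->ldapErrorCode . " - " . $ldap->ldapErrorText);
         }
     }
     return $combined_userlist;
 }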
Example #9
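/**
 * Synchronise the already imported LDAP users of one entity and optionally
 * mail a report of the changes.
 *
 * Meant to run in a forked worker: the DB connection is re-established first.
 * The entity id, profile id and server id are forced to integers before they
 * are placed in the SQL text, because the query is built by concatenation.
 *
 * @param $pid     worker identifier, only used to prefix console output
 * @param $data    entity row; 'id' and 'authldaps_id' are read
 * @param $server  LDAP server id restricting the users; replaced by
 *                 $data['authldaps_id'] when that value is > 0
 * @param $prof    profile id restricting the users (ignored unless > 0)
 * @param $verb    truthy to print one line per user
 * @param $mail    bit mask: 1 = entity admin address, 2 = global admin address,
 *                 0 = no report
 *
 * @return integer number of users synchronized or flagged as deleted from LDAP,
 *                 0 when the DB or the entity cannot be loaded
**/
function syncEntity($pid, $data, $server, $prof, $verb, $mail)
{
    global $DB, $LANG, $CFG_GLPI;
    // Re-establish DB connection - mandatory in each forked process
    if (!DBConnection::switchToMaster()) {
        echo " {$pid}: lost DB connection\n";
        return 0;
    }
    // Server from entity (if not given from option)
    if ($data['authldaps_id'] > 0) {
        $server = $data['authldaps_id'];
    }
    // These three values are interpolated into the SQL below; a loose "> 0"
    // test accepts strings such as "1 OR 1=1", so keep only the integer part.
    $id = (int) $data['id'];
    $server = (int) $server;
    $prof = (int) $prof;
    $entity = new Entity();
    if ($entity->getFromDB($id)) {
        $tps = microtime(true);
        if ($verb) {
            echo "  {$pid}: Synchonizing entity '" . $entity->getField('completename') . "' ({$id}, mail={$mail})\n";
        }
        $sql = "SELECT DISTINCT glpi_users.*\n              FROM glpi_users\n              INNER JOIN glpi_profiles_users\n                  ON (glpi_profiles_users.users_id = glpi_users.id\n                      AND glpi_profiles_users.entities_id = {$id}";
        if ($prof > 0) {
            $sql .= "    AND glpi_profiles_users.profiles_id = {$prof}";
        }
        $sql .= ")\n               WHERE glpi_users.authtype = " . Auth::LDAP;
        if ($server > 0) {
            $sql .= " AND glpi_users.auths_id = {$server}";
        }
        $users = array();
        $results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0);
        $req = $DB->request($sql);
        $i = 0;
        $nb = $req->numrows();
        foreach ($req as $row) {
            $i++;
            $result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $row['name']), AuthLDAP::ACTION_SYNCHRONIZE, $row['auths_id']);
            if ($result) {
                $results[$result['action']] += 1;
                $users[$row['id']] = $row['name'];
                if ($result['action'] == AuthLDAP::USER_SYNCHRONIZED) {
                    if ($verb) {
                        echo "  {$pid}: User '" . $row['name'] . "' synchronized ({$i}/{$nb})\n";
                    }
                } else {
                    // every action other than USER_SYNCHRONIZED is reported as a deletion
                    if ($verb) {
                        echo "  {$pid}: User '" . $row['name'] . "' deleted\n";
                    }
                }
            } else {
                if ($verb) {
                    echo "  {$pid}: Problem with LDAP for user '" . $row['name'] . "'\n";
                }
            }
        }
        $tps = microtime(true) - $tps;
        printf("  %d: Entity '%s' - Synchronized: %d, Deleted from LDAP: %d, Time: %.2f\"\n", $pid, $entity->getField('completename'), $results[AuthLDAP::USER_SYNCHRONIZED], $results[AuthLDAP::USER_DELETED_LDAP], $tps);
        if ($mail) {
            $report = '';
            $user = new User();
            // $id is reused for user ids from here on; the entity id is read
            // back from $entity below.
            foreach ($users as $id => $name) {
                if ($user->getFromDB($id)) {
                    // The SQL fragment embeds the session's current time, a value
                    // not supplied by the caller of this function.
                    $logs = Log::getHistoryData($user, 0, $_SESSION['glpilist_limit'], "`date_mod`='" . $_SESSION['glpi_currenttime'] . "'");
                    if (count($logs)) {
                        $report .= "\n{$name} (" . $user->getName() . ")\n";
                        foreach ($logs as $log) {
                            $report .= "\t";
                            if ($log['field']) {
                                $report .= $log['field'] . ": ";
                            }
                            $report .= Html::clean($log['change']) . "\n";
                        }
                    }
                } else {
                    $report .= "\n" . $name . "\n\t deleted\n";
                }
            }
            if ($report) {
                $report = "Synchronization of already imported users\n " . "Entité: " . $entity->getField('completename') . "\n " . "Date: " . Html::convDateTime($_SESSION['glpi_currenttime']) . "\n " . $report;
                $entdata = new Entity();
                $mmail = new NotificationMail();
                $mmail->AddCustomHeader("Auto-Submitted: auto-generated");
                $mmail->From = $CFG_GLPI["admin_email"];
                $mmail->FromName = "GLPI";
                $mmail->Subject = "[GLPI] LDAP directory link";
                $mmail->Body = $report . "\n--\n" . $CFG_GLPI["mailing_signature"];
                // Bit 1: entity administrator. When no address exists the bit is
                // cleared so that only bit 2 can still trigger a send.
                if ($mail & 1 && $entdata->getFromDB($entity->getField('id')) && $entdata->fields['admin_email']) {
                    $mmail->AddAddress($entdata->fields['admin_email']);
                } else {
                    if ($mail & 1 && $verb) {
                        echo "  {$pid}: No address found for email entity\n";
                    }
                    $mail = $mail & 2;
                }
                // Bit 2: global administrator, handled the same way.
                if ($mail & 2 && $CFG_GLPI['admin_email']) {
                    $mmail->AddAddress($CFG_GLPI['admin_email']);
                } else {
                    if ($mail & 2 && $verb) {
                        echo "  {$pid}: No address found for email admin\n";
                    }
                    $mail = $mail & 1;
                }
                // Any bit still set means at least one recipient was added.
                if ($mail) {
                    if ($mmail->Send() && $verb) {
                        echo "  {$pid}: Report sent by email\n";
                    }
                } else {
                    echo "  {$pid}: Cannot send report (" . $entity->getField('completename') . ") " . "invalid address\n";
                }
            }
        }
        return $results[AuthLDAP::USER_DELETED_LDAP] + $results[AuthLDAP::USER_SYNCHRONIZED];
    }
    return 0;
}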
<?php

include '../../../inc/includes.php';
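// Only sessions allowed to write the configuration may read a directory's filter.
Session::checkRight("config", "w");
$authldap = new AuthLdap();
// The directory id comes from the request: require a numeric value and only
// build the filter when that directory really loads, instead of printing a
// filter made of the fields of an empty object.
if (isset($_POST['value']) && is_numeric($_POST['value']) && $authldap->getFromDB((int) $_POST['value'])) {
    $filter = "(" . $authldap->getField("login_field") . "=*)";
    $ldap_condition = $authldap->getField('condition');
    // NOTE(review): both values are printed as stored; if the response is
    // inserted into a page as HTML, confirm they are encoded for that context.
    echo "(& {$filter} {$ldap_condition})";
}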
Example #11
     foreach ($_POST["item"] as $key => $val) {
         if ($val == 1) {
             $ids[] = $key;
         }
     }
     $softdictionnayrule->replayRulesOnExistingDB(0, 0, $ids);
     break;
 case "force_user_ldap_update":
     checkRight("user", "w");
     $user = new User();
     $ids = array();
     foreach ($_POST["item"] as $key => $val) {
         if ($val == 1) {
             $user->getFromDB($key);
             if ($user->fields["authtype"] == Auth::LDAP || $user->fields["authtype"] == Auth::EXTERNAL) {
                 AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user->fields["name"]), 1, $user->fields["auths_id"]);
             }
         }
     }
     break;
 case "add_transfer_list":
     if (!isset($_SESSION['glpitransfer_list'])) {
         $_SESSION['glpitransfer_list'] = array();
     }
     if (!isset($_SESSION['glpitransfer_list'][$_POST["itemtype"]])) {
         $_SESSION['glpitransfer_list'][$_POST["itemtype"]] = array();
     }
     foreach ($_POST["item"] as $key => $val) {
         if ($val == 1) {
             $_SESSION['glpitransfer_list'][$_POST["itemtype"]][$key] = $key;
         }
Example #12
GLPI is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

GLPI is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GLPI. If not, see <http://www.gnu.org/licenses/>.
--------------------------------------------------------------------------
*/
/** @file
* @brief
*/
include '../inc/includes.php';
// Entry page of the LDAP bulk import: access is limited to sessions holding
// the IMPORTEXTAUTHUSERS right on users.
Session::checkRight("user", User::IMPORTEXTAUTHUSERS);
Html::header(__('LDAP directory link'), $_SERVER['PHP_SELF'], "admin", "user", "ldap");
// Forget a sort order left by a previous visit (unset() is a no-op when absent)
unset($_SESSION["ldap_sortorder"]);
AuthLdap::manageValuesInSession(array(), true);
$row_open = "<tr class='tab_bg_1'><td class='center b'>";
$menu = "<div class='center'><table class='tab_cadre'>";
$menu .= "<tr><th>" . __('Bulk import users from a LDAP directory') . "</th></tr>";
// mode=1: synchronise users already imported, mode=0: import new ones
$menu .= $row_open . "<a href='ldap.import.php?mode=1&action=show'>" . __('Synchronizing already imported users') . "</a></td></tr>";
$menu .= $row_open . "<a href='ldap.import.php?mode=0&action=show'>" . __('Import new users') . "</a></td> </tr>";
$menu .= "</table></div>";
echo $menu;
Html::footer();
 /**
  * Tell whether an LDAP directory can be used for the given entity.
  *
  * True when the entity data loads with an authldaps_id different from
  * NOT_AVAILABLE, or when AuthLdap reports a default directory.
  *
  * @param $entities_id  identifier of the entity to look up
  *
  * @return boolean
  **/
 static function isEntityDirectoryConfigured($entities_id)
 {
     $entity_data = new EntityData();
     $has_own_directory = $entity_data->getFromDB($entities_id)
                          && $entity_data->getField('authldaps_id') != NOT_AVAILABLE;
     if ($has_own_directory) {
         return true;
     }
     // Otherwise fall back on a directory marked as default, if there is one
     return AuthLdap::getDefault() ? true : false;
 }
Example #14
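 /**
  * Print the form linking this group to LDAP attributes.
  *
  * Requires the read right on groups; an existing group is checked for 'r',
  * a new one (ID <= 0) for 'w'. The LDAP inputs are shown only to sessions
  * that may read the configuration while LDAP authentication is in use.
  *
  * @param $target  URL the form is posted to
  * @param $ID      identifier of the group, <= 0 for a new one
  *
  * @return false when the session lacks the read right on groups, nothing otherwise
  **/
 function showLDAPForm($target, $ID)
 {
     global $LANG;
     if (!haveRight("group", "r")) {
         return false;
     }
     if ($ID > 0) {
         $this->check($ID, 'r');
     } else {
         // Create item
         $this->check(-1, 'w');
     }
     // $target lands inside a single-quoted attribute, so quotes must be encoded
     // as well; double_encode is off to leave an already encoded URL untouched.
     $action = htmlspecialchars($target, ENT_QUOTES, 'UTF-8', false);
     echo "<form name='groupldap_form' id='groupldap_form' method='post' action='{$action}'>";
     echo "<div class='spaced'><table class='tab_cadre_fixe'>";
     if (haveRight("config", "r") && AuthLdap::useAuthLdap()) {
         echo "<tr class='tab_bg_1'>";
         echo "<td colspan='2' class='center'>" . $LANG['setup'][256] . "&nbsp;:&nbsp;</td></tr>";
         echo "<tr class='tab_bg_1'>";
         echo "<td>" . $LANG['setup'][260] . "&nbsp;:&nbsp;</td>";
         echo "<td>";
         autocompletionTextField($this, "ldap_field");
         echo "</td></tr>";
         echo "<tr class='tab_bg_1'>";
         echo "<td>" . $LANG['setup'][601] . "&nbsp;:&nbsp;</td>";
         echo "<td>";
         autocompletionTextField($this, "ldap_value");
         echo "</td></tr>";
         echo "<tr class='tab_bg_1'>";
         echo "<td colspan='2' class='center'>" . $LANG['setup'][257] . "&nbsp;:&nbsp;</td>";
         echo "</tr>";
         echo "<tr class='tab_bg_1'>";
         echo "<td>" . $LANG['setup'][261] . "&nbsp;:&nbsp;</td>";
         echo "<td>";
         autocompletionTextField($this, "ldap_group_dn");
         echo "</td></tr>";
     }
     $options = array('colspan' => 1, 'candel' => false);
     $this->showFormButtons($options);
     echo "</table></div></form>";
 }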
Example #15
                }
                echo "\n";
            }
        } else {
            echo "No OCS server\n";
        }
    }
    // Check Auth connections
    $auth = new Auth();
    $auth->getAuthMethods();
    $ldap_methods = $auth->authtypes["ldap"];
    if (count($ldap_methods)) {
        echo "Check LDAP servers:";
        foreach ($ldap_methods as $method) {
            echo " " . $method['name'];
            if (AuthLdap::tryToConnectToServer($method, $method["rootdn"], decrypt($method["rootdn_passwd"], GLPIKEY))) {
                echo "_OK";
            } else {
                echo "_PROBLEM";
                $ok = false;
            }
            echo "\n";
        }
    } else {
        echo "No LDAP server\n";
    }
    // TODO Check mail server : cannot open a mail connexion / only ping server ?
    // TODO check CAS url / check url using socket ?
}
echo "\n";
if ($ok) {
Example #16
This file is part of GLPI.

GLPI is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

GLPI is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GLPI. If not, see <http://www.gnu.org/licenses/>.
--------------------------------------------------------------------------
*/
/** @file
* @brief
*/
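// When requested directly (not included by another script), bootstrap GLPI and
// send the headers. strpos() returns 0 for a match at the very start, which is
// falsy, so the result is compared against false explicitly.
if (strpos($_SERVER['PHP_SELF'], "ldapdaterestriction.php") !== false) {
    include '../inc/includes.php';
    header("Content-Type: text/html; charset=UTF-8");
    Html::header_nocache();
}
// Refuse to run outside of a bootstrapped GLPI context
if (!defined('GLPI_ROOT')) {
    die("Can not acces directly to this file");
}
// NOTE(review): only a logged-in session is required here, and the whole POST
// array is handed to the form renderer; whether a narrower right or input
// filtering is applied inside showDateRestrictionForm() is not visible here.
Session::checkLoginUser();
AuthLdap::showDateRestrictionForm($_POST);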
 if (isset($_POST["change_auth_method"])) {
     Session::checkRight('user', User::UPDATEAUTHENT);
     if (isset($_POST["auths_id"])) {
         User::changeAuthMethod(array($_POST["id"]), $_POST["authtype"], $_POST["auths_id"]);
     }
     Html::back();
 } else {
     if (isset($_GET["ext_auth"])) {
         Html::header(User::getTypeName(Session::getPluralNumber()), '', "admin", "user");
         User::showAddExtAuthForm();
         Html::footer();
     } else {
         if (isset($_POST['add_ext_auth_ldap'])) {
             Session::checkRight("user", User::IMPORTEXTAUTHUSERS);
             if (isset($_POST['login']) && !empty($_POST['login'])) {
                 AuthLdap::importUserFromServers(array('name' => $_POST['login']));
             }
             Html::back();
         } else {
             if (isset($_POST['add_ext_auth_simple'])) {
                 if (isset($_POST['login']) && !empty($_POST['login'])) {
                     Session::checkRight("user", User::IMPORTEXTAUTHUSERS);
                     $input = array('name' => $_POST['login'], '_extauth' => 1, 'add' => 1);
                     $user->check(-1, CREATE, $input);
                     $newID = $user->add($input);
                     Event::log($newID, "users", 4, "setup", sprintf(__('%1$s adds the item %2$s'), $_SESSION["glpiname"], $_POST["login"]));
                 }
                 Html::back();
             } else {
                 Session::checkRight("user", READ);
                 Html::header(User::getTypeName(Session::getPluralNumber()), '', "admin", "user");
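 /**
  * This method returns the GLPI status (same as status.php).
  *
  * Checks, in order: the replication delay of each slave database, the main
  * database connection, the session directory and every active LDAP server.
  *
  * @param $params    array of options: only 'help' is read, it makes the method
  *                   return its own option description
  * @param $protocol  the communication protocol used (not read here)
  *
  * @return array  one entry per check ('ok', 'offline', a delay, ...) plus
  *                'glpi' => 'ok' or 'error'; ready to be encoded
  **/
 static function methodStatus($params, $protocol)
 {
     global $DB;
     if (isset($params['help'])) {
         return array('help' => 'bool,optional');
     }
     $resp = array();
     $ok_master = true;
     $ok_slave = true;
     $ok = true;
     // Check slave server connection
     if (DBConnection::isDBSlaveActive()) {
         $DBslave = DBConnection::getDBSlaveConf();
         if (is_array($DBslave->dbhost)) {
             $hosts = $DBslave->dbhost;
         } else {
             $hosts = array($DBslave->dbhost);
         }
         foreach ($hosts as $num => $name) {
             $diff = DBConnection::getReplicateDelay($num);
             // a delay above 1000000000 is reported as an unreachable slave
             if ($diff > 1000000000) {
                 $resp['slavedb_' . $num] = "offline";
                 $ok_slave = false;
             } else {
                 if ($diff) {
                     $resp['slavedb_' . $num] = $diff;
                     // more than one hour behind counts as a failure
                     if ($diff > HOUR_TIMESTAMP) {
                         $ok_slave = false;
                     }
                 } else {
                     $resp['slavedb_' . $num] = "ok";
                 }
             }
         }
     } else {
         $resp['slavedb'] = "not configured";
     }
     // Check main server connection
     if (DBConnection::establishDBConnection(false, true, false)) {
         $resp['maindb'] = "ok";
     } else {
         // Report the failure under the same key as the success case; the
         // former 'slavedb' key overwrote the slave status and hid this one.
         $resp['maindb'] = "offline";
         $ok_master = false;
     }
     // Slave and master ok;
     $ok = $ok_slave && $ok_master;
     // Check session dir (useful when NFS mounted)
     if (is_dir(GLPI_SESSION_DIR) && is_writable(GLPI_SESSION_DIR)) {
         $resp['sessiondir'] = "ok";
     } else {
         $resp['sessiondir'] = "not writable";
         $ok = false;
     }
     // Reestablished DB connection
     if (($ok_master || $ok_slave) && DBConnection::establishDBConnection(false, false, false)) {
         // Check Auth connections
         $auth = new Auth();
         $auth->getAuthMethods();
         $ldap_methods = $auth->authtypes["ldap"];
         if (count($ldap_methods)) {
             foreach ($ldap_methods as $method) {
                 if ($method['is_active']) {
                     // Binds with the stored root DN and its decrypted password.
                     // NOTE(review): the response key exposes the directory name;
                     // confirm who is allowed to call this method.
                     if (AuthLdap::tryToConnectToServer($method, $method["rootdn"], Toolbox::decrypt($method["rootdn_passwd"], GLPIKEY))) {
                         $resp['LDAP_' . $method['name']] = "ok";
                     } else {
                         $resp['LDAP_' . $method['name']] = "offline";
                         $ok = false;
                     }
                 }
             }
         }
     }
     if ($ok) {
         $resp['glpi'] = "ok";
     } else {
         $resp['glpi'] = "error";
     }
     return $resp;
 }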
Example #19
if ($_SESSION['ldap_import']['action'] == 'show') {
    $_REQUEST['target'] = $_SERVER['PHP_SELF'];
    $authldap = new AuthLDAP();
    $authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']);
    AuthLdap::showUserImportForm($authldap);
    if (isset($_SESSION['ldap_import']['authldaps_id']) && $_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE && isset($_SESSION['ldap_import']['criterias']) && !empty($_SESSION['ldap_import']['criterias'])) {
        echo "<br />";
        AuthLdap::searchUser($authldap);
    }
} else {
    if (isset($_SESSION["ldap_process"])) {
        if ($count = count($_SESSION["ldap_process"])) {
            $percent = min(100, round(100 * ($_SESSION["ldap_process_count"] - $count) / $_SESSION["ldap_process_count"], 0));
            displayProgressBar(400, $percent);
            $key = array_pop($_SESSION["ldap_process"]);
            AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $_SESSION['ldap_import']["mode"], $_SESSION['ldap_import']["authldaps_id"], true);
            glpi_header($_SERVER['PHP_SELF']);
        } else {
            unset($_SESSION["ldap_process"]);
            displayProgressBar(400, 100);
            echo "<div class='center b'>" . $LANG['ocsng'][8] . "<br>";
            echo "<a href='" . $_SERVER['PHP_SELF'] . "'>" . $LANG['buttons'][13] . "</a></div>";
            unset($_SESSION["authldaps_id"]);
            unset($_SESSION["mode"]);
            unset($_SESSION["interface"]);
            $_SESSION['ldap_import']['action'] = 'show';
            refreshDropdownPopupInMainWindow();
        }
    } else {
        if (count($_POST['toprocess']) > 0) {
            $_SESSION["ldap_process_count"] = 0;
Example #20
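/**
 * Function to import or synchronise all the users from an ldap directory
 *
 * Prints one dot per processed user, then a summary. An action that is none
 * of ACTION_IMPORT / ACTION_SYNCHRONIZE / ACTION_ALL processes nothing.
 *
 * @param $options   array; 'action' selects what to do and 'ldapservers_id'
 *                   names the directory, the rest is passed to getAllUsers()
**/
function import(array $options)
{
    global $CFG_GLPI;
    $results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0);
    //The ldap server id is passed in the script url (parameter server_id)
    $limitexceeded = false;
    $actions_to_do = array();
    switch ($options['action']) {
        case AuthLDAP::ACTION_IMPORT:
            $actions_to_do = array(AuthLDAP::ACTION_IMPORT);
            break;
        case AuthLDAP::ACTION_SYNCHRONIZE:
            $actions_to_do = array(AuthLDAP::ACTION_SYNCHRONIZE);
            break;
        case AuthLDAP::ACTION_ALL:
            // NOTE(review): the second pass uses ACTION_ALL rather than
            // ACTION_SYNCHRONIZE - confirm this is intended.
            $actions_to_do = array(AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL);
            break;
    }
    // Set once before the loop: the flag used to be reset on every pass, so a
    // failed first pass was hidden by a successful second one, and it stayed
    // undefined when no action was selected.
    $contact_ok = true;
    foreach ($actions_to_do as $action_to_do) {
        $options['mode'] = $action_to_do;
        $options['authldaps_id'] = $options['ldapservers_id'];
        $users = AuthLdap::getAllUsers($options, $results, $limitexceeded);
        if (is_array($users)) {
            foreach ($users as $user) {
                $result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user["user"]), $action_to_do, $options['ldapservers_id']);
                if ($result) {
                    $results[$result['action']] += 1;
                }
                echo ".";
            }
        } elseif (!$users) {
            // a falsy non-array result means the directory could not be queried
            $contact_ok = false;
        }
    }
    if ($limitexceeded) {
        echo "\nLDAP Server size limit exceeded";
        if ($CFG_GLPI['user_deleted_ldap']) {
            echo ": user deletion disabled\n";
        }
        echo "\n";
    }
    if ($contact_ok) {
        echo "\nImported: " . $results[AuthLDAP::USER_IMPORTED] . "\n";
        echo "Synchronized: " . $results[AuthLDAP::USER_SYNCHRONIZED] . "\n";
        echo "Deleted from LDAP: " . $results[AuthLDAP::USER_DELETED_LDAP] . "\n";
    } else {
        echo "Cannot contact LDAP server!\n";
    }
    echo "\n\n";
}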
Example #21
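if (!defined('GLPI_ROOT')) {
    include '../inc/includes.php';
}
// Importing users from an external source needs its own write right
Session::checkRight("import_externalauth_users", 'w');
// Need REQUEST to manage initial values and posted ones
AuthLdap::manageValuesInSession($_REQUEST);
$in_popup = !empty($_SESSION['ldap_import']['popup']);
if ($in_popup) {
    Html::popHeader(__('LDAP directory link'), $_SERVER['PHP_SELF']);
} else {
    Html::header(__('LDAP directory link'), $_SERVER['PHP_SELF'], "admin", "user", "ldap");
}
if (isset($_GET['start'])) {
    // 'start' is a list offset taken from the query string: keep it only as an
    // integer so nothing else can be carried into the session.
    $_SESSION['ldap_import']['start'] = is_numeric($_GET['start']) ? (int) $_GET['start'] : 0;
}
if (isset($_GET['order'])) {
    // NOTE(review): stored as received; the set of valid sort orders is not
    // visible here - confirm it is checked before use.
    $_SESSION['ldap_import']['order'] = $_GET['order'];
}
if ($_SESSION['ldap_import']['action'] == 'show') {
    $authldap = new AuthLDAP();
    $authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']);
    AuthLdap::showUserImportForm($authldap);
    // Run the search only once a directory and at least one criteria are chosen
    if (isset($_SESSION['ldap_import']['authldaps_id']) && $_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE && isset($_SESSION['ldap_import']['criterias']) && !empty($_SESSION['ldap_import']['criterias'])) {
        echo "<br />";
        AuthLdap::searchUser($authldap);
    }
}
// Re-read the flag: the calls above work on the same session data
if (!empty($_SESSION['ldap_import']['popup'])) {
    Html::ajaxFooter();
} else {
    Html::footer();
}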
Example #22
 /**
  * Print the LDAP debug table for this user: the stored DN and, when a DN is set,
  * the entry read live from the LDAP server configured for the user.
  *
  * NOTE(review): the stored DN is concatenated into the HTML as-is; confirm the value is
  * already HTML-encoded when it is stored, or encode it here.
  * NOTE(review): the lookup asks for '*' plus two timestamp attributes and prints whatever
  * comes back; confirm callers restrict this view to administrators.
  *
  * @return false|void false when the user does not authenticate through LDAP
  **/
 private function showLdapDebug()
 {
     // Nothing to show for accounts that are not LDAP-backed.
     if ($this->fields['authtype'] != Auth::LDAP) {
         return false;
     }
     echo "<div class='spaced'>";
     echo "<table class='tab_cadre_fixe'>";
     echo "<tr><th colspan='4'>" . __('LDAP directory') . "</th></tr>";
     echo "<tr class='tab_bg_2'><td>" . __('User DN') . "</td>";
     $user_dn = $this->fields['user_dn'];
     echo "<td>" . $user_dn . "</td></tr>\n";
     if ($user_dn) {
         echo "<tr class='tab_bg_2'><td>" . __('User information') . "</td><td>";
         $config_ldap = new AuthLDAP();
         // Connect only when the server configuration could be loaded.
         $ds = $config_ldap->getFromDB($this->fields['auths_id']) ? $config_ldap->connect() : false;
         if (!$ds) {
             _e('Connection failed');
         } else {
             $wanted = array('*', 'createTimeStamp', 'modifyTimestamp');
             $info = AuthLdap::getUserByDn($ds, $user_dn, $wanted);
             if (!is_array($info)) {
                 _e('No item to display');
             } else {
                 Html::printCleanArray($info);
             }
         }
         echo "</td></tr>\n";
     }
     echo "</table></div>";
 }
Example #23
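/**
 * Synchronize Mahara's groups with groups defined on an LDAP server.
 *
 * Every 'cas' or 'ldap' auth instance of the institution is configured from the arguments and
 * then asked to sync. Arguments documented as "null keeps the stored setting" are only written
 * to the instance when they are not null.
 *
 * @param string $institutionname Name of the institution to process
 * @param boolean $syncbyclass stored as the 'syncgroupsbyclass' setting
 * @param array|string $excludelist exclude LDAP groups matching these regular expressions in their names;
 *     a comma-separated string is split into an array (null keeps the stored setting)
 * @param array|string $includelist process only LDAP groups matching these regular expressions in their names;
 *     a comma-separated string is split into an array (null keeps the stored setting)
 * @param array $onlycontexts Restrict searching in these contexts (override values set in authentication plugin)
 * @param boolean $searchsub search in subcontexts (override values set in authentication plugin)
 * @param string $grouptype type of Mahara group to create, should be 'standard' or 'course'
 * @param boolean $docreate stored as the 'syncgroupsautocreate' setting (null keeps the stored setting)
 * @param boolean $nestedgroups stored as the 'nestedgroups' setting (null keeps the stored setting)
 * @param string $groupclass stored as the 'syncgroupsgroupclass' setting (null keeps the stored setting)
 * @param string $groupattribute If this is present, then instead of searching for groups as objects in ldap,
 *     we search for distinct values of this attribute in user accounts in LDAP, and create a group for each distinct value.
 * @param boolean $syncbyattribute stored as the 'syncgroupsbyuserfield' setting
 * @param string $userattribute accepted but not read by this function
 * @param mixed $attrgroupnames accepted but not read by this function
 * @param boolean $dryrun dummy execution. Do not perform any database operations
 * @return boolean false when no auth instance matches or a sync reports failure, true otherwise
 */
function auth_ldap_sync_groups($institutionname, $syncbyclass = false, $excludelist = null, $includelist = null, $onlycontexts = null, $searchsub = null, $grouptype = null, $docreate = null, $nestedgroups = null, $groupclass = null, $groupattribute = null, $syncbyattribute = false, $userattribute = null, $attrgroupnames = null, $dryrun = false)
{
    log_info('---------- started institution group sync for "' . $institutionname . '" at ' . date('r', time()) . ' ----------');
    // The debug dumps below use var_dump(), so they go to standard output rather than to the log.
    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("exclusion list : ");
        var_dump($excludelist);
        log_debug("inclusion list : ");
        var_dump($includelist);
    }
    // The institution name is bound as a query parameter, not concatenated into the SQL.
    $auths = get_records_select_array('auth_instance', "authname in ('cas', 'ldap') and institution=?", array($institutionname));
    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("auths candidates : ");
        var_dump($auths);
    }
    // Mahara's record helpers return false, not an empty array, when nothing matches;
    // count(false) is not 0, so test for emptiness instead of counting.
    if (empty($auths)) {
        log_warn(get_string('nomatchingauths', 'auth.ldap'));
        return false;
    }
    // Accept the lists either as arrays or as comma-separated strings.
    if ($excludelist !== null && !is_array($excludelist)) {
        $excludelist = preg_split('/\\s*,\\s*/', trim($excludelist));
    }
    if ($includelist !== null && !is_array($includelist)) {
        $includelist = preg_split('/\\s*,\\s*/', trim($includelist));
    }
    // Settings that are only written when the caller supplied a value.
    $optional = array(
        'syncgroupsexcludelist' => $excludelist,
        'syncgroupsincludelist' => $includelist,
        'syncgroupscontexts' => $onlycontexts,
        'syncgroupssearchsub' => $searchsub,
        'syncgroupsgrouptype' => $grouptype,
        'nestedgroups' => $nestedgroups,
        'syncgroupsgroupclass' => $groupclass,
        'syncgroupsgroupattribute' => $groupattribute,
        'syncgroupsautocreate' => $docreate,
    );
    $result = true;
    foreach ($auths as $auth) {
        $instance = new AuthLdap($auth->id);
        $instance->set_config('syncgroupscron', true);
        $instance->set_config('syncgroupsbyclass', $syncbyclass);
        $instance->set_config('syncgroupsbyuserfield', $syncbyattribute);
        foreach ($optional as $key => $value) {
            if ($value !== null) {
                $instance->set_config($key, $value);
            }
        }
        // NOTE(review): && short-circuits, so once one instance fails the remaining
        // instances are configured but never synced — confirm that is intended.
        $result = $result && $instance->sync_groups($dryrun);
    }
    log_info('---------- finished institution group sync at ' . date('r', time()) . ' ----------');
    return $result;
}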
Example #24
 // Dispatch on the posted form action: test the main LDAP server, test its replicates,
 // or add a replicate. The excerpt ends inside the last branch.
 // NOTE(review): no rights check or CSRF validation is visible in this excerpt; confirm both
 // run before this point, since every branch acts on raw $_POST values.
 if (isset($_POST["test_ldap"])) {
     // Load the server record so its name can be shown in the result message.
     // NOTE(review): $_POST["id"] is used as posted — presumably a numeric id; confirm it is validated.
     $config_ldap->getFromDB($_POST["id"]);
     if (AuthLdap::testLDAPConnection($_POST["id"])) {
         //TRANS: %s is the description of the test
         $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test successful: %s'), sprintf(__('Main server %s'), $config_ldap->fields["name"]));
     } else {
         //TRANS: %s is the description of the test
         $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test failed: %s'), sprintf(__('Main server %s'), $config_ldap->fields["name"]));
     }
     Html::back();
 } else {
     if (isset($_POST["test_ldap_replicate"])) {
         // One connection test per posted replicate id; each pass overwrites the session
         // message, so only the last replicate's outcome is kept.
         foreach ($_POST["test_ldap_replicate"] as $replicate_id => $value) {
             $replicate = new AuthLdapReplicate();
             $replicate->getFromDB($replicate_id);
             // NOTE(review): the messages below read $ldap, which is not assigned anywhere in this
             // excerpt; the record loaded just above is $replicate — confirm which one is meant.
             if (AuthLdap::testLDAPConnection($_POST["id"], $replicate_id)) {
                 //TRANS: %s is the description of the test
                 $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test successful: %s'), sprintf(__('Replicate %s'), $ldap->fields["name"]));
             } else {
                 //TRANS: %s is the description of the test
                 $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test failed: %s'), sprintf(__('Replicate %s'), $ldap->fields["name"]));
             }
         }
         Html::back();
     } else {
         if (isset($_POST["add_replicate"])) {
             $replicate = new AuthLdapReplicate();
             // Only 'next' and 'id' are removed; the rest of the POST array is handed to add().
             // NOTE(review): which fields are accepted depends on add(), not shown here — confirm
             // it restricts them to the replicate's known columns.
             unset($_POST["next"]);
             unset($_POST["id"]);
             $replicate->add($_POST);
             Html::back();
Example #25
 /**
  * Print the LDAP debug table for this user: the stored DN and, when a DN is set,
  * the entry read live from the LDAP server configured for the user.
  * Labels are taken from the global $LANG table.
  *
  * NOTE(review): the stored DN is concatenated into the HTML as-is; confirm the value is
  * already HTML-encoded when it is stored, or encode it here.
  * NOTE(review): the lookup asks for '*' plus two timestamp attributes and prints whatever
  * comes back; confirm callers restrict this view to administrators.
  *
  * @return false|void false when the user does not authenticate through LDAP
  **/
 private function showLdapDebug()
 {
     global $LANG;
     // Nothing to show for accounts that are not LDAP-backed.
     if ($this->fields['authtype'] != Auth::LDAP) {
         return false;
     }
     echo "<div class='spaced'>";
     echo "<table class='tab_cadre_fixe'>";
     echo "<tr><th colspan='4'>" . $LANG['setup'][137] . ' - ' . $LANG['login'][2] . "</th></tr>";
     echo "<tr class='tab_bg_2'><td>" . $LANG['ldap'][26] . "&nbsp;:</td>";
     $user_dn = $this->fields['user_dn'];
     echo "<td>" . $user_dn . "</td></tr>\n";
     if ($user_dn) {
         echo "<tr class='tab_bg_2'><td>" . $LANG['title'][13] . "&nbsp;:</td><td>";
         $config_ldap = new AuthLDAP();
         // Connect only when the server configuration could be loaded.
         $ds = $config_ldap->getFromDB($this->fields['auths_id']) ? $config_ldap->connect() : false;
         if (!$ds) {
             echo $LANG['log'][41];
         } else {
             $wanted = array('*', 'createTimeStamp', 'modifyTimestamp');
             $info = AuthLdap::getUserByDn($ds, $user_dn, $wanted);
             if (!is_array($info)) {
                 echo $LANG['stats'][2];
             } else {
                 printCleanArray($info);
             }
         }
         echo "</td></tr>\n";
     }
     echo "</table></div>";
 }