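/**
 * Synchronize Mahara's groups with groups defined on an LDAP server.
 *
 * Group names come from the distinct values of a user attribute, from LDAP
 * group objects, or both, depending on the auth-instance configuration. Each
 * name is passed through the include/exclude lists. A missing Mahara group is
 * created when autocreation is on and LDAP reports at least one member. The
 * membership of every processed group is then set to the site admin (user
 * id 1) plus the LDAP users that are current members of this institution.
 *
 * With $dryrun set, group_create() and group_update_members() are skipped.
 * The read queries, the LDAP searches and the switch to the admin session
 * still happen.
 *
 * @param boolean $dryrun dummy execution. Do not perform any database operations
 * @return boolean always true; per-group creation errors are logged and skipped
 */
function sync_groups($dryrun = false) {
    global $USER;

    log_info('---------- started groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');

    if (!$this->get_config('syncgroupscron')) {
        log_info('Not set to sync groups, so exiting');
        return true;
    }

    // We need to tell the session that we are the admin user, so that we have permission to manipulate groups
    // NOTE(review): the previous $USER identity is not restored before this
    // function returns, so any code that runs afterwards in the same process
    // keeps admin rights. Confirm this is only ever reached from cron/CLI.
    $USER->reanimate(1, 1);

    $syncbyattribute = $this->get_config('syncgroupsbyuserfield') && $this->get_config('syncgroupsgroupattribute');
    $syncbyclass = $this->get_config('syncgroupsbyclass') && $this->get_config('syncgroupsgroupclass')
        && $this->get_config('syncgroupsgroupattribute') && $this->get_config('syncgroupsmemberattribute');

    $excludelist = $this->get_config('syncgroupsexcludelist');
    $includelist = $this->get_config('syncgroupsincludelist');
    $searchsub = $this->get_config('syncgroupssearchsub');
    $grouptype = $this->get_config('syncgroupsgrouptype');
    $docreate = $this->get_config('syncgroupsautocreate');

    // If neither one is set, return
    if (!$syncbyattribute && !$syncbyclass) {
        log_info('not set to sync by user attribute or by group objects, so exiting');
        return true;
    }

    // Read the debug switch once; it gates every var_dump() below.
    // NOTE(review): those dumps write usernames, membership lists and the
    // instance configuration to the cron output. Treat that output as
    // sensitive and keep the switch off outside troubleshooting.
    $debug = get_config('auth_ldap_debug_sync_cron');

    if ($debug) {
        log_debug("exclusion list : ");
        var_dump($excludelist);
        log_debug("inclusion list : ");
        var_dump($includelist);
    }

    // fetch userids of current members of that institution
    if ($this->institution == 'mahara') {
        // 'mahara' is handled as "users with no usr_institution row at all"
        $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u where u.deleted=0 and not exists (select 1 from {usr_institution} ui where ui.usr=u.id)', array());
    }
    else {
        $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u inner join {usr_institution} ui on u.id=ui.usr where u.deleted=0 and ui.institution=?', array($this->institution));
    }
    if (!$currentmembers) {
        // What the helper returns for an empty result set is not visible here;
        // normalise it so count() and the isset() lookups below are safe.
        $currentmembers = array();
    }

    if ($debug) {
        log_debug("current members : " . count($currentmembers));
        var_dump($currentmembers);
    }

    if ($debug) {
        log_debug("config. LDAP : ");
        // NOTE(review): this prints the whole auth-instance configuration. If
        // it holds the LDAP bind password (not visible here), the secret ends
        // up wherever the cron output is stored. Consider redacting it first.
        var_dump($this->get_config());
    }

    $groups = array();
    if ($syncbyattribute) {
        // get the distinct values of the used attribute by a LDAP search
        // that may be restricted by flags -c or -o
        $groups = array_merge($groups, $this->get_attribute_distinct_values($searchsub));
    }

    if ($syncbyclass) {
        $groups = array_merge($groups, $this->ldap_get_grouplist('*', $searchsub));
    }

    if ($debug) {
        log_debug("Found LDAP groups : ");
        var_dump($groups);
    }

    // Incremented for each group that is (or, in a dry run, would be) created;
    // nothing in this function reports it.
    $nbadded = 0;

    foreach ($groups as $group) {
        log_debug("Processing group '{$group}'");

        // skip names rejected by the include/exclude lists
        if (!ldap_sync_filter_name($group, $includelist, $excludelist)) {
            continue;
        }

        if ($debug) {
            log_debug("processing group : ");
            var_dump($group);
        }

        $ldapusers = array();
        if ($syncbyattribute) {
            $ldapusers = array_merge($ldapusers, $this->get_users_having_attribute_value($group));
        }

        if ($syncbyclass) {
            $ldapusers = array_merge($ldapusers, $this->ldap_get_group_members($group));
        }

        // test whether this group exists within the institution
        // group.shortname is limited to 255 characters. Unlikely anyone will hit this, but why not?
        // NOTE(review): substr() cuts by bytes, and two LDAP names that share
        // their first 255 bytes resolve to the same Mahara group, so the later
        // one would overwrite the earlier one's membership.
        $shortname = substr($group, 0, 255);
        if (!($dbgroup = get_record('group', 'shortname', $shortname, 'institution', $this->institution))) {
            if (!$docreate) {
                log_debug('autocreation is off so skipping Mahara not existing group ' . $group);
                continue;
            }

            if (count($ldapusers) == 0) {
                log_debug('will not autocreate an empty Mahara group ' . $group);
                continue;
            }

            try {
                log_info('creating group ' . $group);
                // Make sure the name is unique (across all institutions)
                // group.name only allows 128 characters. In the event of
                // really long group names, we'll arbitrarily truncate them
                $basename = $this->institution . ' : ' . $group;
                $name = substr($basename, 0, 128);
                $n = 0;
                while (record_exists('group', 'name', $name)) {
                    $n++;
                    $tail = " {$n}";
                    // Rebuild the candidate from the base name on every pass.
                    // Appending to $name instead would stack the suffixes and
                    // push the name past the 128-character column limit.
                    $name = substr($basename, 0, 128 - strlen($tail)) . $tail;
                }
                $dbgroup = array();
                $dbgroup['name'] = $name;
                $dbgroup['institution'] = $this->institution;
                $dbgroup['shortname'] = $shortname;
                $dbgroup['grouptype'] = $grouptype; // default standard (change to course)
                $dbgroup['controlled'] = 1; //definitively
                $nbadded++;
                if (!$dryrun) {
                    $groupid = group_create($dbgroup);
                }
            }
            catch (Exception $ex) {
                log_warn($ex->getMessage());
                continue;
            }
        }
        else {
            $groupid = $dbgroup->id;
            log_debug('group exists ' . $group);
        }

        // now it does exist see what members should be added/removed
        if ($debug) {
            log_debug($group . ' : ');
            var_dump($ldapusers);
        }

        // Puts the site's "admin" user into the group as a group admin
        $members = array('1' => 'admin'); //must be set otherwise fatal error group_update_members: no group admins listed for group
        // Only LDAP users who are already members of this institution are
        // added; unknown usernames are silently ignored.
        foreach ($ldapusers as $username) {
            if (isset($currentmembers[$username])) {
                $id = $currentmembers[$username]->id;
                $members[$id] = 'member';
            }
        }

        if ($debug) {
            log_debug('new members list : ' . count($members));
            var_dump($members);
        }

        unset($ldapusers); //try to save memory before memory consuming call to API

        // NOTE(review): $members is the complete intended membership, and the
        // log line below reports removals. An empty or truncated LDAP answer
        // for an existing group would therefore presumably cut it down to the
        // admin alone. Consider skipping the update when the lookup fails.
        // In a dry run $groupid may be unset for a new group; it is not read.
        $result = $dryrun ? false : group_update_members($groupid, $members);
        if ($result) {
            log_info(" -> added : {$result['added']} removed : {$result['removed']} updated : {$result['updated']}");
        }
        else {
            log_debug('-> no change for ' . $group);
        }

        unset($members);
    }

    log_info('---------- finished groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');
    return true;
}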
if ($searchsub !== false) { $instance->set_config('search_sub', $searchsub ? 'yes' : 'no'); } if ($CFG->debug_ldap_groupes) { moodle_print_object("config. LDAP : ", $instance->get_config()); } // get the distinct values of the used attribute by a LDAP search // that may be restricted by flags -c or -o $groups = $instance->get_attribute_distinct_values(); if ($CFG->debug_ldap_groupes) { moodle_print_object("distinct values found for {$attributename} ", $groups); } $nbadded = 0; foreach ($groups as $group) { // skip if in excludelist or not in the includelist if (!ldap_sync_filter_name($group, $includelist, $excludelist)) { continue; } if ($CFG->debug_ldap_groupes) { moodle_print_object("processing group : ", $group); } // test whether this group exists within the institution if (!($dbgroup = get_record('group', 'shortname', $group, 'institution', $institutionname))) { if ($nocreate) { $cli->cli_print('autocreation is off so skipping Mahara not existing group ' . $group); continue; } $ldapusers = $instance->get_users_having_attribute_value($group); if (count($ldapusers) == 0) { $cli->cli_print('will not autocreate an empty Mahara group ' . $group); continue;