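/**
 * Synchronises the portal accounts bound to one LDAP server with the directory.
 *
 * Steps, in order: connect and bind with the configured admin account, let
 * "OnLdapBeforeSync" handlers veto the run, read the directory user list,
 * read the portal users whose EXTERNAL_AUTH_ID is "LDAP#<id>", import new
 * directory users (only when SYNC_USER_ADD is "Y"), refresh existing ones,
 * deactivate portal users that are no longer listed in the directory, and
 * finally store the sync timestamp on the server record.
 *
 * @param mixed $ldap_server_id Identifier of the LDAP server record.
 *
 * @return int|false Number of already existing users that were updated
 *                   (imports are not counted), or false when the server record
 *                   is missing, connect/bind fails, or an event handler vetoes.
 */
public static function Sync($ldap_server_id)
{
    global $DB, $USER, $APPLICATION;

    // Explicit default: the flag used to be undefined when $USER already existed.
    $bUSERGen = false;
    if (!is_object($USER)) {
        $USER = new CUser();
        $bUSERGen = true;
    }

    $dbLdapServers = CLdapServer::GetById($ldap_server_id);
    if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
        return false;
    }

    if (!$oLdapServer->Connect()) {
        return false;
    }

    if (!$oLdapServer->BindAdmin()) {
        $oLdapServer->Disconnect();
        return false;
    }

    $APPLICATION->ResetException();
    $arParams = array();
    $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
    while ($arEvent = $db_events->Fetch()) {
        $arParams['oLdapServer'] = $oLdapServer;
        if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
            if (!$APPLICATION->GetException()) {
                $APPLICATION->ThrowException("Unknown error");
            }
            // A vetoed run must not leave the admin-bound connection open,
            // same as the failed-bind path above.
            $oLdapServer->Disconnect();
            return false;
        }
    }

    // select all users from LDAP
    $arLdapUsers = array();
    $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
    // Clear stale exceptions so that $ldpEx reflects GetUserList() only.
    $APPLICATION->ResetException();
    $dbLdapUsers = $oLdapServer->GetUserList();
    $ldpEx = $APPLICATION->GetException();
    while ($arLdapUser = $dbLdapUsers->Fetch()) {
        // NOTE(review): entries lacking the login attribute all collapse onto
        // the empty key here - confirm GetUserList() never returns such entries.
        $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
    }
    unset($dbLdapUsers);

    // select all Bitrix CMS users for this LDAP
    $arUsers = array();
    CTimeZone::Disable();
    $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
    CTimeZone::Enable();
    while ($arUser = $dbUsers->Fetch()) {
        $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
    }
    unset($dbUsers);

    // Accounts to deactivate = portal users absent from the directory listing.
    // When the directory search itself failed the listing is not trustworthy,
    // so nobody is deactivated. The list now defaults to empty: it used to be
    // left undefined in that case and the foreach below iterated over null.
    $arDelLdapUsers = array();
    if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
        $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
    }

    if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
        $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
    } else {
        $syncTime = 0;
    }

    $arCache = array();

    // selecting a list of groups, from which users will not be imported
    // (md5 only produces a fixed-shape array key here, it is not a security control)
    $noImportGroups = array();
    $dbGroups = CLdapServer::GetGroupBan($ldap_server_id);
    while ($arGroup = $dbGroups->Fetch()) {
        $noImportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
    }

    $cnt = 0;

    // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
    // for each one of them looking for similar in user list
    foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
        if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
            if ($oLdapServer->arFields["SYNC_USER_ADD"] != "Y") {
                continue;
            }

            // if user is not found among already existing ones, then import him
            // in $arLdapUserFields - user fields from ldap
            $userActive = $oLdapServer->getLdapValueByBitrixFieldName("ACTIVE", $arLdapUserFields);
            if ($userActive != "Y") {
                continue;
            }

            // NOTE(review): $departmentCache is never initialised in this method,
            // while the update branch passes $arCache - confirm which is intended.
            $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $departmentCache);

            // $arUserFields here contains LDAP user fields for a LDAP user
            // make a check, whether this user belongs to those groups only, from which import will not be made...
            $allUserGroups = (isset($arUserFields['LDAP_GROUPS']) && is_array($arUserFields['LDAP_GROUPS']))
                ? $arUserFields['LDAP_GROUPS']
                : array();
            $userImportIsBanned = true;
            foreach ($allUserGroups as $groupId) {
                $groupId = trim($groupId);
                if (!empty($groupId) && !array_key_exists(md5($groupId), $noImportGroups)) {
                    $userImportIsBanned = false;
                    break;
                }
            }

            // ...if he does not, then import him
            // (one group outside the ban list is enough; a user without groups is imported too)
            if (!$userImportIsBanned || empty($allUserGroups)) {
                $oLdapServer->SetUser($arUserFields);
            }
        } else {
            // if date of update is set, then compare it
            $ldapTime = time();
            // Reset per user so that a timestamp from the previous iteration is never reused.
            $userTime = 0;
            if ($syncTime > 0
                && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0
                && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)
            ) {
                $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
                $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
            }

            if ($syncTime < $ldapTime || $syncTime < $userTime) {
                // make an update
                $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
                $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
                $oLdapServer->SetUser($arUserFields);
                $cnt++;
            }
        }
    }

    // Deactivate (never delete) portal accounts that vanished from the directory.
    foreach ($arDelLdapUsers as $userLogin) {
        // $USER is the global declared above, so this assignment rebinds it.
        $USER = new CUser();
        if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
            $ID = intval($arUsers[$userLogin]["ID"]);
            $USER->Update($ID, array('ACTIVE' => 'N'));
        }
    }

    $oLdapServer->Disconnect();
    CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));

    if ($bUSERGen) {
        // unset() on a variable imported with "global" drops only the local
        // alias; the global $USER itself stays set.
        unset($USER);
    }

    return $cnt;
}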
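// Fragment of the LDAP server edit form handler: it builds the field set from
// the submitted form, saves it, and redirects. The closing "} else {" branch
// continues outside this fragment.
if (array_key_exists("LDAP_NOIMP_GROUPS", $_REQUEST)) {
    if (!$arGroups) {
        $arGroups = array();
    }

    // add groups, which import is forbidden, to common mapping with an id of -1
    // ($noimportGroups is prepared outside this fragment)
    foreach ($noimportGroups as $ldapGroupId) {
        $arGroups[] = array("LDAP_GROUP_ID" => $ldapGroupId, "GROUP_ID" => -1);
    }
}

// NOTE(review): every value below, including the bind password, the server
// address and the LDAP filters, goes from the request straight into
// CLdapServer::Update()/Add(). The permission check, the session-token check
// and any field validation are not visible in this fragment - confirm they run
// before this point or inside CLdapServer.
$arFields = array(
    "NAME" => $_REQUEST['NAME'],
    "DESCRIPTION" => $_REQUEST['DESCRIPTION'],
    "CODE" => $_REQUEST['CODE'],
    "SERVER" => $_REQUEST['SERVER'],
    "PORT" => $_REQUEST['PORT'],
    "CONVERT_UTF8" => $_REQUEST['CONVERT_UTF8'],
    "ADMIN_LOGIN" => $_REQUEST['ADMIN_LOGIN'],
    "ACTIVE" => $_REQUEST['ACTIVE'],
    "ADMIN_PASSWORD" => $_REQUEST['ADMIN_PASSWORD'],
    "BASE_DN" => $_REQUEST['BASE_DN'],
    "GROUP_FILTER" => $_REQUEST['GROUP_FILTER'],
    "GROUP_ID_ATTR" => $_REQUEST['GROUP_ID_ATTR'],
    "GROUP_NAME_ATTR" => $_REQUEST['GROUP_NAME_ATTR'],
    "GROUP_MEMBERS_ATTR" => $_REQUEST['GROUP_MEMBERS_ATTR'],
    "USER_FILTER" => $_REQUEST['USER_FILTER'],
    "USER_ID_ATTR" => $_REQUEST['USER_ID_ATTR'],
    "USER_NAME_ATTR" => $_REQUEST['USER_NAME_ATTR'],
    "USER_LAST_NAME_ATTR" => $_REQUEST['USER_LAST_NAME_ATTR'],
    "USER_EMAIL_ATTR" => $_REQUEST['USER_EMAIL_ATTR'],
    "USER_GROUP_ATTR" => $_REQUEST['USER_GROUP_ATTR'],
    "USER_GROUP_ACCESSORY" => $_REQUEST['USER_GROUP_ACCESSORY'],
    "SYNC_PERIOD" => $_REQUEST['SYNC_PERIOD'],
    "SYNC" => $_REQUEST['SYNC'],
    "SYNC_ATTR" => $_REQUEST['SYNC_ATTR'],
    "USER_DEPARTMENT_ATTR" => $_REQUEST['USER_DEPARTMENT_ATTR'],
    "USER_MANAGER_ATTR" => $_REQUEST['USER_MANAGER_ATTR'],
    "IMPORT_STRUCT" => $_REQUEST['IMPORT_STRUCT'],
    "STRUCT_HAVE_DEFAULT" => $_REQUEST['STRUCT_HAVE_DEFAULT'],
    "ROOT_DEPARTMENT" => $_REQUEST['ROOT_DEPARTMENT'],
    "DEFAULT_DEPARTMENT_NAME" => $_REQUEST['DEFAULT_DEPARTMENT_NAME'],
    "FIELD_MAP" => $arUserFieldMap,
    "MAX_PAGE_SIZE" => $_REQUEST['MAX_PAGE_SIZE'],
    "SYNC_USER_ADD" => $_REQUEST['SYNC_USER_ADD'],
);

if (is_array($arGroups)) {
    $arFields['GROUPS'] = $arGroups;
}

// apply form to server config
if ($ID > 0) {
    $res = CLdapServer::Update($ID, $arFields);
} else {
    $ID = CLdapServer::Add($arFields);
    $res = $ID > 0;
}

if ($res) {
    if (strlen($save) > 0) {
        // back_url is request-controlled. Accept it only as a site-local path:
        // a leading "/" alone is not enough, because browsers read "//host"
        // and "/\host" as scheme-relative URLs that point at another host.
        // NOTE(review): whether LocalRedirect() adds its own external-URL
        // check is not visible here, so the path is validated before the call.
        $backUrl = (isset($_REQUEST['back_url']) && is_string($_REQUEST['back_url']))
            ? $_REQUEST['back_url']
            : '';
        $isLocalPath = substr($backUrl, 0, 1) == '/'
            && !in_array(substr($backUrl, 1, 1), array('/', '\\'), true);

        if ($isLocalPath) {
            // The original code appends with "&", i.e. it expects back_url to
            // already carry a query string.
            LocalRedirect($backUrl . '&ldapServer=' . $ID);
        } else {
            LocalRedirect("ldap_server_admin.php?lang=" . LANG);
        }
    } else {
        LocalRedirect($APPLICATION->GetCurPage() . "?lang=" . LANG . "&ID=" . $ID . "&tabControl_active_tab=" . urlencode($tabControl_active_tab));
    }
} else {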
}
// Tail of a user-import request handler; the enclosing blocks open outside
// this fragment. Append the last CUser error for the login being processed.
// NOTE(review): LOGIN presumably comes from the directory - the only escaping
// visible here is the JSEscape call applied to the combined text below.
if($USER->LAST_ERROR!='')
    $strUserImportError .= $arUserFields["LOGIN"].': '.$USER->LAST_ERROR;
}
// Deactivate (ACTIVE => 'N') every still-active portal account named in
// $arDelLdapUsers.
// NOTE(review): how $arDelLdapUsers is computed is outside this fragment. If it
// is derived from a directory listing that can fail or come back incomplete,
// every account missing from that listing is switched off here - confirm the
// listing is checked for errors before this loop runs.
foreach ($arDelLdapUsers as $userLogin) {
    $USER = new CUser();
    if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
        $ID = intval($arUsers[$userLogin]["ID"]);
        $USER->Update($ID, array('ACTIVE' => 'N'));
    }
}
$ldp->Disconnect();
// Record the time of this run on the server entry.
CLdapServer::Update($ldapServer, array("~SYNC_LAST"=>$DB->CurrentTimeFunction()));
if (!empty($strUserImportError)) {
    // The error text is passed through CUtil::JSEscape() before it is placed
    // inside the single-quoted JavaScript string of the inline script.
    echo "<script type=\"text/javascript\">parent.window.ShowError('".CUtil::JSEscape($strUserImportError)."');</script>";
}
// $cntUsersImport is interpolated into the script without escaping.
// NOTE(review): presumably an integer counter set earlier in the handler -
// confirm it can never hold request- or directory-supplied text.
die("<script type=\"text/javascript\">parent.window.End($cntUsersImport);</script>");
}
}
}
// Regular page rendering starts here.
$APPLICATION->SetTitle(GetMessage("USER_IMPORT_TITLE"));
require_once($_SERVER["DOCUMENT_ROOT"].FX_ROOT."/modules/main/include/prolog_admin_after.php");
CAdminMessage::ShowMessage($strError);
$arTabs = array(
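// Group-action handler of the LDAP server list. The enclosing condition opens
// outside this fragment and is closed by the lone brace after the loop.
// NOTE(review): the permission and session-token checks that should guard
// these state-changing actions are not visible here - confirm the enclosing
// condition performs them.
foreach ($arID as $ID) {
    if (strlen($ID) <= 0) {
        continue;
    }

    // Cast to int so that only a numeric id reaches Delete()/Update().
    $ID = IntVal($ID);

    // Only the three known actions are handled; any other value is ignored.
    switch ($_REQUEST['action']) {
        case "delete":
            if (!CLdapServer::Delete($ID)) {
                $lAdmin->AddGroupError(GetMessage("LDAP_ADMIN_DEL_ERR"), $ID);
            }
            break;

        case "activate":
        case "deactivate":
            $ld = new CLdapServer();
            $arFields = array("ACTIVE" => $_REQUEST['action'] == "activate" ? "Y" : "N");
            if (!$ld->Update($ID, $arFields)) {
                // Always report a failed update. It used to be dropped
                // silently when Update() failed without raising an exception.
                $e = $APPLICATION->GetException();
                $lAdmin->AddUpdateError(
                    GetMessage("SAVE_ERROR") . $ID . ($e ? ". " . $e->GetString() : ""),
                    $ID
                );
            }
            break;
    }
}
}

// initialise list - query data
// NOTE(review): the origin of $by, $order and $arFilter is outside this
// fragment - if they are request-derived, confirm GetList() restricts them to
// known columns and directions.
$rsData = CLdapServer::GetList(array($by => $order), $arFilter);
$rsData = new CAdminResult($rsData, $sTableID);
$rsData->NavStart();

// set up navigation string
$lAdmin->NavText($rsData->GetNavPrint(GetMessage("LDAP_ADMIN_NAVSTRING")));
$arHeaders = array();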
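/**
 * Synchronises the portal accounts bound to one LDAP server with the directory.
 *
 * Connects and binds with the configured admin account, lets
 * "OnLdapBeforeSync" handlers veto the run, refreshes portal users that also
 * exist in the directory, deactivates portal users that the directory no
 * longer lists, and stores the sync timestamp on the server record. This
 * variant never imports new users.
 *
 * @param mixed $ldap_server_id Identifier of the LDAP server record.
 *
 * @return int|false Number of updated users, or false when the server record
 *                   is missing, connect/bind fails, or an event handler vetoes.
 */
function Sync($ldap_server_id)
{
    global $DB, $USER, $APPLICATION;

    // Explicit default: the flag used to be undefined when $USER already existed.
    $bUSERGen = false;
    if (!is_object($USER)) {
        $USER = new CUser();
        $bUSERGen = true;
    }

    $dbLdapServers = CLdapServer::GetById($ldap_server_id);
    if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
        return false;
    }

    if (!$oLdapServer->Connect()) {
        return false;
    }

    if (!$oLdapServer->BindAdmin()) {
        $oLdapServer->Disconnect();
        return false;
    }

    $APPLICATION->ResetException();
    $arParams = array();
    $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
    while ($arEvent = $db_events->Fetch()) {
        $arParams['oLdapServer'] = $oLdapServer;
        if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
            if (!$APPLICATION->GetException()) {
                $APPLICATION->ThrowException("Unknown error");
            }
            // A vetoed run must not leave the admin-bound connection open,
            // same as the failed-bind path above.
            $oLdapServer->Disconnect();
            return false;
        }
    }

    // select all users from LDAP
    $arLdapUsers = array();
    $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
    // Clear stale exceptions so that $ldpEx reflects GetUserList() only.
    $APPLICATION->ResetException();
    $dbLdapUsers = $oLdapServer->GetUserList();
    $ldpEx = $APPLICATION->GetException();
    while ($arLdapUser = $dbLdapUsers->Fetch()) {
        $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
    }
    unset($dbLdapUsers);

    // select all Bitrix CMS users for this LDAP
    $arUsers = array();
    CTimeZone::Disable();
    $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
    CTimeZone::Enable();
    while ($arUser = $dbUsers->Fetch()) {
        $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
    }
    unset($dbUsers);

    // Accounts to deactivate = portal users absent from the directory listing.
    // An empty listing caused by a failed search must not be read as "everyone
    // was removed", otherwise every LDAP-bound account is switched off at once.
    // NOTE(review): assumes GetUserList() reports a failed search through
    // $APPLICATION with msg 'LDAP_SEARCH_ERROR' - confirm for this code base;
    // when no such exception is raised the behaviour is unchanged.
    $arDelLdapUsers = array();
    if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
        $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
    }

    if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
        $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
    } else {
        $syncTime = 0;
    }

    $arCache = array();
    $cnt = 0;

    // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
    // for each one of them looking for similar in user list
    foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
        // Directory users without a portal account are skipped.
        if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
            continue;
        }

        // if date of update is set, then compare it
        $ldapTime = time();
        // Reset per user so that a timestamp from the previous iteration is never reused.
        $userTime = 0;
        if ($syncTime > 0
            && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0
            && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)
        ) {
            $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
            $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
        }

        if ($syncTime < $ldapTime || $syncTime < $userTime) {
            // make an update
            $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
            $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
            $oLdapServer->SetUser($arUserFields);
            $cnt++;
        }
    }

    // Deactivate (never delete) portal accounts that vanished from the directory.
    foreach ($arDelLdapUsers as $userLogin) {
        // $USER is the global declared above, so this assignment rebinds it.
        $USER = new CUser();
        if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
            $ID = intval($arUsers[$userLogin]["ID"]);
            $USER->Update($ID, array('ACTIVE' => 'N'));
        }
    }

    $oLdapServer->Disconnect();
    CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));

    if ($bUSERGen) {
        // unset() on a variable imported with "global" drops only the local
        // alias; the global $USER itself stays set.
        unset($USER);
    }

    return $cnt;
}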