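 /**
  * Prune users from users table who aren't in LDAP
  *
  * Walks every local user except the default user and deletes those that
  * cannot be found in the directory by username, or (when the 'groups'
  * setting is non-empty) those whose DN is not listed as a member of at
  * least one of the configured groups. Finishes by redirecting back to the
  * module configuration page with a success or error message.
  *
  * NOTE(review): there is no sanity threshold on the number of deletions.
  * Any condition that makes the user search return zero entries for every
  * user (presumably a wrong base DN or a control user without read rights —
  * confirm against the server) would delete the whole user table except the
  * default user.
  *
  * @param TBGRequest $request
  */
 public function runPruneUsers(TBGRequest $request)
 {
     $module = TBGContext::getModule('auth_ldap');
     $validgroups = $module->getSetting('groups');
     $base_dn = $module->getSetting('b_dn');
     $dn_attr = $module->getSetting('dn_attr');
     $username_attr = $module->getSetting('u_attr');
     $fullname_attr = $module->getSetting('f_attr');
     $email_attr = $module->getSetting('e_attr');
     $groups_members_attr = $module->getSetting('g_attr');
     $user_class = $module->getSetting('u_type');
     $group_class = $module->getSetting('g_type');
     $users = TBGUser::getAll();
     $deletecount = 0;
     // initialised up front so the catch block can tell whether connect() succeeded
     $connection = null;
     try {
         $connection = $module->connect();
         $module->bind($connection, $module->getSetting('control_user'), $module->getSetting('control_pass'));
         $default = TBGSettings::getDefaultUserID();
         // ldap_get_entries() lower-cases attribute names in the result set,
         // so look entries up by the lower-cased configured names
         $dn_key = strtolower($dn_attr);
         $members_key = strtolower($groups_members_attr);
         // an empty 'groups' setting means "no group restriction"
         $groups = ($validgroups != '') ? explode(',', $validgroups) : array();
         foreach ($users as $user) {
             // the default user is never pruned
             if ($user->getID() == $default) {
                 continue;
             }
             $username = $user->getUsername();
             $fields = array($fullname_attr, $email_attr, 'cn', $dn_attr);
             // values are escaped before being placed in the filter; attribute
             // names come from module settings, not from the request
             $filter = '(&(objectClass=' . TBGLDAPAuthentication::getModule()->escape($user_class) . ')(' . $username_attr . '=' . TBGLDAPAuthentication::getModule()->escape($username) . '))';
             $results = ldap_search($connection, $base_dn, $filter, $fields);
             if (!$results) {
                 TBGLogging::log('failed to search for user: ' . ldap_error($connection), 'ldap', TBGLogging::LEVEL_FATAL);
                 throw new Exception(TBGContext::geti18n()->__('Search failed: ') . ldap_error($connection));
             }
             $data = ldap_get_entries($connection, $results);
             /*
              * If a user is not found (or the username matches more than one
              * entry), delete it
              */
             if ($data['count'] != 1) {
                 $user->delete();
                 $deletecount++;
                 continue;
             }
             if (count($groups) == 0) {
                 continue;
             }
             // normalise "a, b" vs "a,b" spacing once per user so DNs compare byte-equal;
             // a missing DN attribute compares as an empty string
             $user_dn = isset($data[0][$dn_key][0])
                 ? preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $data[0][$dn_key][0])
                 : '';
             $allowed = false;
             foreach ($groups as $group) {
                 $fields2 = array($groups_members_attr);
                 $filter2 = '(&(objectClass=' . TBGLDAPAuthentication::getModule()->escape($group_class) . ')(cn=' . TBGLDAPAuthentication::getModule()->escape($group) . '))';
                 $results2 = ldap_search($connection, $base_dn, $filter2, $fields2);
                 if (!$results2) {
                     TBGLogging::log('failed to search for group: ' . ldap_error($connection), 'ldap', TBGLogging::LEVEL_FATAL);
                     throw new Exception(TBGContext::geti18n()->__('Search failed: ') . ldap_error($connection));
                 }
                 $data2 = ldap_get_entries($connection, $results2);
                 // skip groups that do not resolve to exactly one entry or carry no member attribute
                 if ($data2['count'] != 1 || !isset($data2[0][$members_key])) {
                     continue;
                 }
                 foreach ($data2[0][$members_key] as $member) {
                     // the attribute array carries a numeric 'count' entry alongside the member DNs
                     if (is_numeric($member)) {
                         continue;
                     }
                     $member = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $member);
                     if (strtolower($member) == strtolower($user_dn)) {
                         $allowed = true;
                         // one matching group is enough; stop scanning
                         break 2;
                     }
                 }
             }
             /*
              * If a user is not allowed access, delete it
              */
             if (!$allowed) {
                 $user->delete();
                 $deletecount++;
             }
         }
     } catch (Exception $e) {
         // connect() may have thrown before a connection existed
         if ($connection) {
             ldap_unbind($connection);
         }
         TBGContext::setMessage('module_error', TBGContext::getI18n()->__('Pruning failed'));
         TBGContext::setMessage('module_error_details', $e->getMessage());
         $this->forward(TBGContext::getRouting()->generate('configure_module', array('config_module' => 'auth_ldap')));
         // never fall through to the success message (and a second unbind) after a failure
         return;
     }
     ldap_unbind($connection);
     TBGContext::setMessage('module_message', TBGContext::getI18n()->__('Pruning successful! %del users deleted', array('%del' => $deletecount)));
     $this->forward(TBGContext::getRouting()->generate('configure_module', array('config_module' => 'auth_ldap')));
 }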