コード例 #1
0
ファイル: drivers_ldap.php プロジェクト: rossryan/Calico
/**
* sync LDAP against the DB
*/
function sync_LDAP()
{
    global $c;
    $ldapDriver = getStaticLdap();
    if ($ldapDriver->valid) {
        $mapping = $c->authenticate_hook['config']['mapping_field'];
        $attributes = array_values($mapping);
        $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
        if (sizeof($ldap_users_tmp) == 0) {
            return;
        }
        foreach ($ldap_users_tmp as $key => $ldap_user) {
            $ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
            unset($ldap_users_tmp[$key]);
        }
        $qry = new AwlQuery("SELECT username, user_no, modified as updated FROM dav_principal where type_id=1");
        $qry->Exec('sync_LDAP', __LINE__, __FILE__);
        while ($db_user = $qry->Fetch()) {
            $db_users[] = $db_user->username;
            $db_users_info[$db_user->username] = array('user_no' => $db_user->user_no, 'updated' => $db_user->updated);
        }
        $ldap_users = array_keys($ldap_users_info);
        // users only in ldap
        $users_to_create = array_diff($ldap_users, $db_users);
        // users only in db
        $users_to_deactivate = array_diff($db_users, $ldap_users);
        // users present in ldap and in the db
        $users_to_update = array_intersect($db_users, $ldap_users);
        // creation of all users;
        if (sizeof($users_to_create)) {
            $c->messages[] = sprintf(i18n('- creating record for users :  %s'), join(', ', $users_to_create));
            foreach ($users_to_create as $username) {
                $user = (object) array('user_no' => 0, 'username' => $username);
                $valid = $ldap_users_info[$username];
                $ldap_timestamp = $valid[$mapping["updated"]];
                /**
                 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
                 */
                foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
                    ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
                }
                $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
                $valid[$mapping["updated"]] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";
                sync_user_from_LDAP($user, $mapping, $valid);
            }
        }
        // deactivating all users
        $params = array();
        $i = 0;
        foreach ($users_to_deactivate as $v) {
            if (isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v])) {
                continue;
            }
            $params[':u' . $i++] = strtolower($v);
        }
        if (count($params) > 0) {
            $c->messages[] = sprintf(i18n('- deactivating users : %s'), join(', ', $users_to_deactivate));
            $qry = new AwlQuery('UPDATE usr SET active = FALSE WHERE lower(username) IN (' . implode(',', array_keys($params)) . ')', $params);
            $qry->Exec('sync_LDAP', __LINE__, __FILE__);
        }
        // updating all users
        if (sizeof($users_to_update)) {
            foreach ($users_to_update as $key => $username) {
                $valid = $ldap_users_info[$username];
                $ldap_timestamp = $valid[$mapping["updated"]];
                $valid["user_no"] = $db_users_info[$username]["user_no"];
                $mapping["user_no"] = "user_no";
                /**
                 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
                 */
                foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
                    ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
                }
                $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
                $valid[$mapping["updated"]] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";
                $db_timestamp = substr(strtr($db_users_info[$username]['updated'], array(':' => '', ' ' => '', '-' => '')), 0, 14);
                if ($ldap_timestamp > $db_timestamp) {
                    sync_user_from_LDAP($usr, $mapping, $valid);
                } else {
                    unset($users_to_update[$key]);
                    $users_nothing_done[] = $username;
                }
            }
            if (sizeof($users_to_update)) {
                $c->messages[] = sprintf(i18n('- updating user records : %s'), join(', ', $users_to_update));
            }
            if (sizeof($users_nothing_done)) {
                $c->messages[] = sprintf(i18n('- nothing done on : %s'), join(', ', $users_nothing_done));
            }
        }
        $admins = 0;
        $qry = new AwlQuery("select count(*) as admins from usr join role_member using ( user_no ) join roles using (role_no) where usr.active = true and role_name='Admin'");
        $qry->Exec('sync_LDAP', __LINE__, __FILE__);
        while ($db_user = $qry->Fetch()) {
            $admins = $db_user->admins;
        }
        if ($admins == 0) {
            $c->messages[] = sprintf(i18n('Warning: there are no active admin users, you should fix this before logging out.'));
        }
    }
}
コード例 #2
0
ファイル: drivers_ldap.php プロジェクト: derekyu1437/davical
/**
* sync LDAP against the DB
*/
function sync_LDAP()
{
    global $c;
    $ldapDriver = getStaticLdap();
    if (!$ldapDriver->valid) {
        return;
    }
    $mapping = $c->authenticate_hook['config']['mapping_field'];
    $attributes = array_values_mapping($mapping);
    $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
    if (sizeof($ldap_users_tmp) == 0) {
        return;
    }
    foreach ($ldap_users_tmp as $key => $ldap_user) {
        $ldap_users_info[$ldap_user[$mapping['username']]] = $ldap_user;
        unset($ldap_users_tmp[$key]);
    }
    $qry = new AwlQuery("SELECT username, user_no, modified as updated FROM dav_principal where type_id=1");
    $qry->Exec('sync_LDAP', __LINE__, __FILE__);
    while ($db_user = $qry->Fetch()) {
        $db_users[] = $db_user->username;
        $db_users_info[$db_user->username] = array('user_no' => $db_user->user_no, 'updated' => $db_user->updated);
    }
    // all users from ldap
    $ldap_users = array_keys($ldap_users_info);
    // users only in ldap
    $users_to_create = array_diff($ldap_users, $db_users);
    // users only in db
    $users_to_deactivate = array_diff($db_users, $ldap_users);
    // users present in ldap and in the db
    $users_to_update = array_intersect($db_users, $ldap_users);
    // creation of all users;
    if (sizeof($users_to_create)) {
        $c->messages[] = sprintf(i18n('- creating record for users :  %s'), join(', ', $users_to_create));
        foreach ($users_to_create as $username) {
            $principal = new Principal('username', $username);
            $valid = $ldap_users_info[$username];
            $ldap_timestamp = $valid[$mapping['modified']];
            if (!empty($c->authenticate_hook['config']['format_updated'])) {
                /**
                 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
                 */
                foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
                    ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
                }
                $ldap_timestamp = $Y . $m . $d . $H . $M . $S;
            } else {
                if (preg_match('{^(\\d{8})(\\d{6})(Z)?$', $ldap_timestamp, $matches)) {
                    $ldap_timestamp = $matches[1] . 'T' . $matches[2] . $matches[3];
                } else {
                    if (empty($ldap_timestamp)) {
                        $ldap_timestamp = date('c');
                    }
                }
            }
            $valid[$mapping['modified']] = $ldap_timestamp;
            sync_user_from_LDAP($principal, $mapping, $valid);
        }
    }
    // deactivating all users
    $params = array();
    $i = 0;
    $paramstring = '';
    foreach ($users_to_deactivate as $v) {
        if (isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v])) {
            continue;
        }
        if ($i > 0) {
            $paramstring .= ',';
        }
        $paramstring .= ':u' . $i . '::text';
        $params[':u' . $i++] = strtolower($v);
    }
    if (count($params) > 0) {
        $c->messages[] = sprintf(i18n('- deactivating users : %s'), join(', ', $users_to_deactivate));
        $qry = new AwlQuery('UPDATE usr SET active = FALSE WHERE lower(username) IN (' . $paramstring . ')', $params);
        $qry->Exec('sync_LDAP', __LINE__, __FILE__);
        Principal::cacheFlush('lower(username) IN (' . $paramstring . ')', $params);
    }
    // updating all users
    if (sizeof($users_to_update)) {
        foreach ($users_to_update as $key => $username) {
            $principal = new Principal('username', $username);
            $valid = $ldap_users_info[$username];
            $ldap_timestamp = $valid[$mapping['modified']];
            $valid['user_no'] = $db_users_info[$username]['user_no'];
            $mapping['user_no'] = 'user_no';
            /**
             * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
             */
            foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
                ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
            }
            $ldap_timestamp = $Y . $m . $d . $H . $M . $S;
            $valid[$mapping['modified']] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";
            $db_timestamp = substr(strtr($db_users_info[$username]['updated'], array(':' => '', ' ' => '', '-' => '')), 0, 14);
            if ($ldap_timestamp > $db_timestamp) {
                sync_user_from_LDAP($principal, $mapping, $valid);
            } else {
                unset($users_to_update[$key]);
                $users_nothing_done[] = $username;
            }
        }
        if (sizeof($users_to_update)) {
            $c->messages[] = sprintf(i18n('- updating user records : %s'), join(', ', $users_to_update));
        }
        if (sizeof($users_nothing_done)) {
            $c->messages[] = sprintf(i18n('- nothing done on : %s'), join(', ', $users_nothing_done));
        }
    }
    $admins = 0;
    $qry = new AwlQuery("SELECT count(*) AS admins FROM usr JOIN role_member USING ( user_no ) JOIN roles USING (role_no) WHERE usr.active=TRUE AND role_name='Admin'");
    $qry->Exec('sync_LDAP', __LINE__, __FILE__);
    while ($db_user = $qry->Fetch()) {
        $admins = $db_user->admins;
    }
    if ($admins == 0) {
        $c->messages[] = sprintf(i18n('Warning: there are no active admin users! You should fix this before logging out.  Consider using the $c->do_not_sync_from_ldap configuration setting.'));
    }
}