if (isset($_POST["restore"])) { $user->check($_POST['id'], PURGE); $user->restore($_POST); Event::log($_POST["id"], "users", 4, "setup", sprintf(__('%s restores an item'), $_SESSION["glpiname"])); $user->redirectToList(); } else { if (isset($_POST["purge"])) { $user->check($_POST['id'], PURGE); $user->delete($_POST, 1); Event::log($_POST["id"], "users", 4, "setup", sprintf(__('%s purges an item'), $_SESSION["glpiname"])); $user->redirectToList(); } else { if (isset($_POST["force_ldap_resynch"])) { Session::checkRight('user', User::UPDATEAUTHENT); $user->getFromDB($_POST["id"]); AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user->fields["name"]), true, $user->fields["auths_id"], true); Html::back(); } else { if (isset($_POST["update"])) { $user->check($_POST['id'], UPDATE); $user->update($_POST); Event::log($_POST['id'], "users", 5, "setup", sprintf(__('%s updates an item'), $_SESSION["glpiname"])); Html::back(); } else { if (isset($_POST["addgroup"])) { $groupuser->check(-1, CREATE, $_POST); if ($groupuser->add($_POST)) { Event::log($_POST["users_id"], "users", 4, "setup", sprintf(__('%s adds a user to a group'), $_SESSION["glpiname"])); } Html::back(); } else {
/** * @param $email (default '') **/ static function getOrImportByEmail($email = '') { global $DB, $CFG_GLPI; $query = "SELECT `users_id` as id\n FROM `glpi_useremails`\n LEFT JOIN `glpi_users` ON (`glpi_users`.`id` = `glpi_useremails`.`users_id`)\n WHERE `glpi_useremails`.`email` = '{$email}'\n ORDER BY `glpi_users`.`is_active` DESC"; $result = $DB->query($query); //User still exists in DB if ($result && $DB->numrows($result)) { return $DB->result($result, 0, "id"); } else { if ($CFG_GLPI["is_users_auto_add"]) { //Get all ldap servers with email field configured $ldaps = AuthLdap::getServersWithImportByEmailActive(); //Try to find the user by his email on each ldap server foreach ($ldaps as $ldap) { $params['method'] = AuthLdap::IDENTIFIER_EMAIL; $params['value'] = $email; $res = AuthLdap::ldapImportUserByServerId($params, AuthLdap::ACTION_IMPORT, $ldap); if (isset($res['id'])) { return $res['id']; } } } } return 0; }
/** * Function to import or synchronise all the users from an ldap directory * * @param $options array **/ function import(array $options) { global $CFG_GLPI; $results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0); //The ldap server id is passed in the script url (parameter server_id) $limitexceeded = false; $actions_to_do = array(); switch ($options['action']) { case AuthLDAP::ACTION_IMPORT: $actions_to_do = array(AuthLDAP::ACTION_IMPORT); break; case AuthLDAP::ACTION_SYNCHRONIZE: $actions_to_do = array(AuthLDAP::ACTION_SYNCHRONIZE); break; case AuthLDAP::ACTION_ALL: $actions_to_do = array(AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL); break; } foreach ($actions_to_do as $action_to_do) { $options['mode'] = $action_to_do; $options['authldaps_id'] = $options['ldapservers_id']; $users = AuthLdap::getAllUsers($options, $results, $limitexceeded); $contact_ok = true; if (is_array($users)) { foreach ($users as $user) { $result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user["user"]), $action_to_do, $options['ldapservers_id']); if ($result) { $results[$result['action']] += 1; } echo "."; } } else { if (!$users) { $contact_ok = false; } } } if ($limitexceeded) { echo "\nLDAP Server size limit exceeded"; if ($CFG_GLPI['user_deleted_ldap']) { echo ": user deletion disabled\n"; } echo "\n"; } if ($contact_ok) { echo "\nImported: " . $results[AuthLDAP::USER_IMPORTED] . "\n"; echo "Synchronized: " . $results[AuthLDAP::USER_SYNCHRONIZED] . "\n"; echo "Deleted from LDAP: " . $results[AuthLDAP::USER_DELETED_LDAP] . "\n"; } else { echo "Cannot contact LDAP server!\n"; } echo "\n\n"; }
/** * @param $pid * @param $data * @param $server * @param $prof * @param $verb * @param $mail **/ function syncEntity($pid, $data, $server, $prof, $verb, $mail) { global $DB, $LANG, $CFG_GLPI; // Re-establish DB connexion - mandatory in each forked process if (!DBConnection::switchToMaster()) { echo " {$pid}: lost DB connection\n"; return 0; } // Server from entity (if not given from option) if ($data['authldaps_id'] > 0) { $server = $data['authldaps_id']; } $entity = new Entity(); if ($entity->getFromDB($id = $data['id'])) { $tps = microtime(true); if ($verb) { echo " {$pid}: Synchonizing entity '" . $entity->getField('completename') . "' ({$id}, mail={$mail})\n"; } $sql = "SELECT DISTINCT glpi_users.*\n FROM glpi_users\n INNER JOIN glpi_profiles_users\n ON (glpi_profiles_users.users_id = glpi_users.id\n AND glpi_profiles_users.entities_id = {$id}"; if ($prof > 0) { $sql .= " AND glpi_profiles_users.profiles_id = {$prof}"; } $sql .= ")\n WHERE glpi_users.authtype = " . Auth::LDAP; if ($server > 0) { $sql .= " AND glpi_users.auths_id = {$server}"; } $users = array(); $results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0); $req = $DB->request($sql); $i = 0; $nb = $req->numrows(); foreach ($req as $row) { $i++; $result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $row['name']), AuthLDAP::ACTION_SYNCHRONIZE, $row['auths_id']); if ($result) { $results[$result['action']] += 1; $users[$row['id']] = $row['name']; if ($result['action'] == AuthLDAP::USER_SYNCHRONIZED) { if ($verb) { echo " {$pid}: User '" . $row['name'] . "' synchronized ({$i}/{$nb})\n"; } } else { if ($verb) { echo " {$pid}: User '" . $row['name'] . "' deleted\n"; } } } else { if ($verb) { echo " {$pid}: Problem with LDAP for user '" . $row['name'] . "'\n"; } } } $tps = microtime(true) - $tps; printf(" %d: Entity '%s' - Synchronized: %d, Deleted from LDAP: %d, Time: %.2f\"\n", $pid, $entity->getField('completename'), $results[AuthLDAP::USER_SYNCHRONIZED], $results[AuthLDAP::USER_DELETED_LDAP], $tps); if ($mail) { $report = ''; $user = new User(); foreach ($users as $id => $name) { if ($user->getFromDB($id)) { $logs = Log::getHistoryData($user, 0, $_SESSION['glpilist_limit'], "`date_mod`='" . $_SESSION['glpi_currenttime'] . "'"); if (count($logs)) { $report .= "\n{$name} (" . $user->getName() . ")\n"; foreach ($logs as $log) { $report .= "\t"; if ($log['field']) { $report .= $log['field'] . ": "; } $report .= Html::clean($log['change']) . "\n"; } } } else { $report .= "\n" . $name . "\n\t deleted\n"; } } if ($report) { $report = "Synchronization of already imported users\n " . "Entité: " . $entity->getField('completename') . "\n " . "Date: " . Html::convDateTime($_SESSION['glpi_currenttime']) . "\n " . $report; $entdata = new Entity(); $mmail = new NotificationMail(); $mmail->AddCustomHeader("Auto-Submitted: auto-generated"); $mmail->From = $CFG_GLPI["admin_email"]; $mmail->FromName = "GLPI"; $mmail->Subject = "[GLPI] LDAP directory link"; $mmail->Body = $report . "\n--\n" . $CFG_GLPI["mailing_signature"]; if ($mail & 1 && $entdata->getFromDB($entity->getField('id')) && $entdata->fields['admin_email']) { $mmail->AddAddress($entdata->fields['admin_email']); } else { if ($mail & 1 && $verb) { echo " {$pid}: No address found for email entity\n"; } $mail = $mail & 2; } if ($mail & 2 && $CFG_GLPI['admin_email']) { $mmail->AddAddress($CFG_GLPI['admin_email']); } else { if ($mail & 2 && $verb) { echo " {$pid}: No address found for email admin\n"; } $mail = $mail & 1; } if ($mail) { if ($mmail->Send() && $verb) { echo " {$pid}: Report sent by email\n"; } } else { echo " {$pid}: Cannot send report (" . $entity->getField('completename') . ") " . "invalid address\n"; } } } return $results[AuthLDAP::USER_DELETED_LDAP] + $results[AuthLDAP::USER_SYNCHRONIZED]; } return 0; }
/** * @since version 0.85 * * @see CommonDBTM::processMassiveActionsForOneItemtype() **/ static function processMassiveActionsForOneItemtype(MassiveAction $ma, CommonDBTM $item, array $ids) { global $CFG_GLPI; $input = $ma->getInput(); switch ($ma->getAction()) { case 'import_group': $group = new Group(); if (!Session::haveRight("user", User::UPDATEAUTHENT) || !$group->canGlobal(UPDATE)) { $ma->itemDone($item->getType(), $ids, MassiveAction::ACTION_NORIGHT); $ma->addMessage($item->getErrorMessage(ERROR_RIGHT)); return; } foreach ($ids as $id) { if (isset($input["dn"][$id])) { $group_dn = $input["dn"][$id]; if (isset($input["ldap_import_entities"][$id])) { $entity = $input["ldap_import_entities"][$id]; } else { $entity = $_SESSION["glpiactive_entity"]; } // Is recursive is in the main form and thus, don't pass through // zero_on_empty mechanism inside massive action form ... $is_recursive = empty($input['ldap_import_recursive'][$id]) ? 0 : 1; $options = array('authldaps_id' => $_SESSION['ldap_server'], 'entities_id' => $entity, 'is_recursive' => $is_recursive, 'type' => $input['ldap_import_type'][$id]); if (AuthLdap::ldapImportGroup($group_dn, $options)) { $ma->itemDone($item->getType(), $id, MassiveAction::ACTION_OK); } else { $ma->itemDone($item->getType(), $id, MassiveAction::ACTION_KO); $ma->addMessage($item->getErrorMessage(ERROR_ON_ACTION, $group_dn)); } } // Clean history as id does not correspond to group $_SESSION['glpimassiveactionselected'] = array(); } return; case 'import': case 'sync': if (!Session::haveRight("user", User::IMPORTEXTAUTHUSERS)) { $ma->itemDone($item->getType(), $ids, MassiveAction::ACTION_NORIGHT); $ma->addMessage($item->getErrorMessage(ERROR_RIGHT)); return; } foreach ($ids as $id) { if (AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $id), $_SESSION['ldap_import']['mode'], $_SESSION['ldap_import']['authldaps_id'], true)) { $ma->itemDone($item->getType(), $id, MassiveAction::ACTION_OK); } else { $ma->itemDone($item->getType(), $id, MassiveAction::ACTION_KO); $ma->addMessage($item->getErrorMessage(ERROR_ON_ACTION, $id)); } } return; } parent::processMassiveActionsForOneItemtype($ma, $item, $ids); }
/** * @since version 0.84 * * @see CommonDBTM::doSpecificMassiveActions() **/ function doSpecificMassiveActions($input = array()) { global $CFG_GLPI; $res = array('ok' => 0, 'ko' => 0, 'noright' => 0); switch ($input['action']) { case "import": case "sync": if (!Session::haveRight("import_externalauth_users", 'w')) { $res['nbnoright']++; } else { if (isset($_GET['multiple_actions']) && isset($_SESSION["glpi_massiveaction"])) { if ($count = count($input["item"])) { $i = $input["ldap_process_count"] - $count + 1; Html::createProgressBar(); Html::changeProgressBarPosition($i, $input["ldap_process_count"], sprintf(__('%1$s/%2$s'), $i, $input["ldap_process_count"])); $key = key($input["item"]); unset($input["item"][$key]); if (AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $input["mode"], $input["authldaps_id"], true)) { $input['res']['ok']++; } else { $input['res']['ko']++; } if (count($input["item"])) { // more to do -> redirect $_SESSION['glpi_massiveaction']['POST'] = $input; Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1'); } else { // Nothing to do redirect Html::changeProgressBarPosition(100, 100, __('Successful importation')); $res = $input['res']; $_SESSION['ldap_import']['action'] = 'show'; } } } else { if (count($input['item']) > 0) { $input["ldap_process_count"] = 0; $input["authldaps_id"] = $_SESSION['ldap_import']['authldaps_id']; $input["mode"] = $_SESSION['ldap_import']['mode']; $input['res'] = array('ok' => 0, 'ko' => 0, 'noright' => 0); foreach ($input['item'] as $key => $val) { if ($val) { $input["ldap_process_count"]++; } } $_SESSION['glpi_massiveaction']['POST'] = $input; Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1'); } else { $res['ko']++; } } } $res['REDIRECT'] = $CFG_GLPI['root_doc'] . "/front/ldap.import.php"; break; case "import_group": $group = new Group(); if (!Session::haveRight("user_authtype", 'w') || !$group->canGlobal('w')) { $res['nbnoright']++; } else { if (isset($_GET['multiple_actions']) && isset($_SESSION["glpi_massiveaction"])) { if ($count = count($input["item"])) { $i = $input["ldap_process_count"] - $count + 1; Html::createProgressBar(); Html::changeProgressBarPosition($i, $input["ldap_process_count"], sprintf(__('%1$s/%2$s'), $i, $input["ldap_process_count"])); $key = key($input["item"]); unset($input["item"][$key]); if (isset($input["ldap_import_entities"][$key])) { $entity = $input["ldap_import_entities"][$key]; } else { $entity = $_SESSION["glpiactive_entity"]; } if (AuthLdap::ldapImportGroup($key, array("authldaps_id" => $input["authldaps_id"], "entities_id" => $entity, "is_recursive" => $input["ldap_import_recursive"][$key], "type" => $input["ldap_import_type"][$key]))) { $input['res']['ok']++; } else { $input['res']['ko']++; } if (count($input["item"])) { // more to do -> redirect $_SESSION['glpi_massiveaction']['POST'] = $input; Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1'); } else { // Nothing to do redirect Html::changeProgressBarPosition(100, 100, __('Successful importation')); $res = $input['res']; $_SESSION['ldap_import']['action'] = 'show'; } } } else { if (count($input['item']) > 0) { $input["ldap_process_count"] = 0; $input["authldaps_id"] = $_SESSION['ldap_server']; $input['res'] = array('ok' => 0, 'ko' => 0, 'noright' => 0); foreach ($input['item'] as $key => $val) { if ($val) { $input["ldap_process_count"]++; $input["ldap_import_entities"][$key] = $input["ldap_import_entities"][$key]; $input["ldap_import_type"][$key] = $input["ldap_import_type"][$key]; $input["ldap_import_recursive"][$key] = $input["ldap_import_recursive"][$key]; } } $_SESSION['glpi_massiveaction']['POST'] = $input; Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1'); } else { $res['ko']++; } } } $res['REDIRECT'] = $CFG_GLPI['root_doc'] . "/front/ldap.group.import.php"; break; default: return parent::doSpecificMassiveActions($input); } return $res; }
if ($_SESSION['ldap_import']['action'] == 'show') { $_REQUEST['target'] = $_SERVER['PHP_SELF']; $authldap = new AuthLDAP(); $authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']); AuthLdap::showUserImportForm($authldap); if (isset($_SESSION['ldap_import']['authldaps_id']) && $_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE && isset($_SESSION['ldap_import']['criterias']) && !empty($_SESSION['ldap_import']['criterias'])) { echo "<br />"; AuthLdap::searchUser($authldap); } } else { if (isset($_SESSION["ldap_process"])) { if ($count = count($_SESSION["ldap_process"])) { $percent = min(100, round(100 * ($_SESSION["ldap_process_count"] - $count) / $_SESSION["ldap_process_count"], 0)); displayProgressBar(400, $percent); $key = array_pop($_SESSION["ldap_process"]); AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $_SESSION['ldap_import']["mode"], $_SESSION['ldap_import']["authldaps_id"], true); glpi_header($_SERVER['PHP_SELF']); } else { unset($_SESSION["ldap_process"]); displayProgressBar(400, 100); echo "<div class='center b'>" . $LANG['ocsng'][8] . "<br>"; echo "<a href='" . $_SERVER['PHP_SELF'] . "'>" . $LANG['buttons'][13] . "</a></div>"; unset($_SESSION["authldaps_id"]); unset($_SESSION["mode"]); unset($_SESSION["interface"]); $_SESSION['ldap_import']['action'] = 'show'; refreshDropdownPopupInMainWindow(); } } else { if (count($_POST['toprocess']) > 0) { $_SESSION["ldap_process_count"] = 0;