if (isset($_POST["restore"])) {
$user->check($_POST['id'], PURGE);
$user->restore($_POST);
Event::log($_POST["id"], "users", 4, "setup", sprintf(__('%s restores an item'), $_SESSION["glpiname"]));
$user->redirectToList();
} else {
if (isset($_POST["purge"])) {
$user->check($_POST['id'], PURGE);
$user->delete($_POST, 1);
Event::log($_POST["id"], "users", 4, "setup", sprintf(__('%s purges an item'), $_SESSION["glpiname"]));
$user->redirectToList();
} else {
if (isset($_POST["force_ldap_resynch"])) {
Session::checkRight('user', User::UPDATEAUTHENT);
$user->getFromDB($_POST["id"]);
AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user->fields["name"]), true, $user->fields["auths_id"], true);
Html::back();
} else {
if (isset($_POST["update"])) {
$user->check($_POST['id'], UPDATE);
$user->update($_POST);
Event::log($_POST['id'], "users", 5, "setup", sprintf(__('%s updates an item'), $_SESSION["glpiname"]));
Html::back();
} else {
if (isset($_POST["addgroup"])) {
$groupuser->check(-1, CREATE, $_POST);
if ($groupuser->add($_POST)) {
Event::log($_POST["users_id"], "users", 4, "setup", sprintf(__('%s adds a user to a group'), $_SESSION["glpiname"]));
}
Html::back();
} else {
/**
* @param $email (default '')
**/
static function getOrImportByEmail($email = '')
{
global $DB, $CFG_GLPI;
$query = "SELECT `users_id` as id\n FROM `glpi_useremails`\n LEFT JOIN `glpi_users` ON (`glpi_users`.`id` = `glpi_useremails`.`users_id`)\n WHERE `glpi_useremails`.`email` = '{$email}'\n ORDER BY `glpi_users`.`is_active` DESC";
$result = $DB->query($query);
//User still exists in DB
if ($result && $DB->numrows($result)) {
return $DB->result($result, 0, "id");
} else {
if ($CFG_GLPI["is_users_auto_add"]) {
//Get all ldap servers with email field configured
$ldaps = AuthLdap::getServersWithImportByEmailActive();
//Try to find the user by his email on each ldap server
foreach ($ldaps as $ldap) {
$params['method'] = AuthLdap::IDENTIFIER_EMAIL;
$params['value'] = $email;
$res = AuthLdap::ldapImportUserByServerId($params, AuthLdap::ACTION_IMPORT, $ldap);
if (isset($res['id'])) {
return $res['id'];
}
}
}
}
return 0;
}
/**
* Function to import or synchronise all the users from an ldap directory
*
* @param $options array
**/
function import(array $options)
{
global $CFG_GLPI;
$results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0);
//The ldap server id is passed in the script url (parameter server_id)
$limitexceeded = false;
$actions_to_do = array();
switch ($options['action']) {
case AuthLDAP::ACTION_IMPORT:
$actions_to_do = array(AuthLDAP::ACTION_IMPORT);
break;
case AuthLDAP::ACTION_SYNCHRONIZE:
$actions_to_do = array(AuthLDAP::ACTION_SYNCHRONIZE);
break;
case AuthLDAP::ACTION_ALL:
$actions_to_do = array(AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL);
break;
}
foreach ($actions_to_do as $action_to_do) {
$options['mode'] = $action_to_do;
$options['authldaps_id'] = $options['ldapservers_id'];
$users = AuthLdap::getAllUsers($options, $results, $limitexceeded);
$contact_ok = true;
if (is_array($users)) {
foreach ($users as $user) {
$result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user["user"]), $action_to_do, $options['ldapservers_id']);
if ($result) {
$results[$result['action']] += 1;
}
echo ".";
}
} else {
if (!$users) {
$contact_ok = false;
}
}
}
if ($limitexceeded) {
echo "\nLDAP Server size limit exceeded";
if ($CFG_GLPI['user_deleted_ldap']) {
echo ": user deletion disabled\n";
}
echo "\n";
}
if ($contact_ok) {
echo "\nImported: " . $results[AuthLDAP::USER_IMPORTED] . "\n";
echo "Synchronized: " . $results[AuthLDAP::USER_SYNCHRONIZED] . "\n";
echo "Deleted from LDAP: " . $results[AuthLDAP::USER_DELETED_LDAP] . "\n";
} else {
echo "Cannot contact LDAP server!\n";
}
echo "\n\n";
}
/**
* @param $pid
* @param $data
* @param $server
* @param $prof
* @param $verb
* @param $mail
**/
function syncEntity($pid, $data, $server, $prof, $verb, $mail)
{
global $DB, $LANG, $CFG_GLPI;
// Re-establish DB connexion - mandatory in each forked process
if (!DBConnection::switchToMaster()) {
echo " {$pid}: lost DB connection\n";
return 0;
}
// Server from entity (if not given from option)
if ($data['authldaps_id'] > 0) {
$server = $data['authldaps_id'];
}
$entity = new Entity();
if ($entity->getFromDB($id = $data['id'])) {
$tps = microtime(true);
if ($verb) {
echo " {$pid}: Synchonizing entity '" . $entity->getField('completename') . "' ({$id}, mail={$mail})\n";
}
$sql = "SELECT DISTINCT glpi_users.*\n FROM glpi_users\n INNER JOIN glpi_profiles_users\n ON (glpi_profiles_users.users_id = glpi_users.id\n AND glpi_profiles_users.entities_id = {$id}";
if ($prof > 0) {
$sql .= " AND glpi_profiles_users.profiles_id = {$prof}";
}
$sql .= ")\n WHERE glpi_users.authtype = " . Auth::LDAP;
if ($server > 0) {
$sql .= " AND glpi_users.auths_id = {$server}";
}
$users = array();
$results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0);
$req = $DB->request($sql);
$i = 0;
$nb = $req->numrows();
foreach ($req as $row) {
$i++;
$result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $row['name']), AuthLDAP::ACTION_SYNCHRONIZE, $row['auths_id']);
if ($result) {
$results[$result['action']] += 1;
$users[$row['id']] = $row['name'];
if ($result['action'] == AuthLDAP::USER_SYNCHRONIZED) {
if ($verb) {
echo " {$pid}: User '" . $row['name'] . "' synchronized ({$i}/{$nb})\n";
}
} else {
if ($verb) {
echo " {$pid}: User '" . $row['name'] . "' deleted\n";
}
}
} else {
if ($verb) {
echo " {$pid}: Problem with LDAP for user '" . $row['name'] . "'\n";
}
}
}
$tps = microtime(true) - $tps;
printf(" %d: Entity '%s' - Synchronized: %d, Deleted from LDAP: %d, Time: %.2f\"\n", $pid, $entity->getField('completename'), $results[AuthLDAP::USER_SYNCHRONIZED], $results[AuthLDAP::USER_DELETED_LDAP], $tps);
if ($mail) {
$report = '';
$user = new User();
foreach ($users as $id => $name) {
if ($user->getFromDB($id)) {
$logs = Log::getHistoryData($user, 0, $_SESSION['glpilist_limit'], "`date_mod`='" . $_SESSION['glpi_currenttime'] . "'");
if (count($logs)) {
$report .= "\n{$name} (" . $user->getName() . ")\n";
foreach ($logs as $log) {
$report .= "\t";
if ($log['field']) {
$report .= $log['field'] . ": ";
}
$report .= Html::clean($log['change']) . "\n";
}
}
} else {
$report .= "\n" . $name . "\n\t deleted\n";
}
}
if ($report) {
$report = "Synchronization of already imported users\n " . "Entité: " . $entity->getField('completename') . "\n " . "Date: " . Html::convDateTime($_SESSION['glpi_currenttime']) . "\n " . $report;
$entdata = new Entity();
$mmail = new NotificationMail();
$mmail->AddCustomHeader("Auto-Submitted: auto-generated");
$mmail->From = $CFG_GLPI["admin_email"];
$mmail->FromName = "GLPI";
$mmail->Subject = "[GLPI] LDAP directory link";
$mmail->Body = $report . "\n--\n" . $CFG_GLPI["mailing_signature"];
if ($mail & 1 && $entdata->getFromDB($entity->getField('id')) && $entdata->fields['admin_email']) {
$mmail->AddAddress($entdata->fields['admin_email']);
} else {
if ($mail & 1 && $verb) {
echo " {$pid}: No address found for email entity\n";
}
$mail = $mail & 2;
}
if ($mail & 2 && $CFG_GLPI['admin_email']) {
$mmail->AddAddress($CFG_GLPI['admin_email']);
} else {
if ($mail & 2 && $verb) {
echo " {$pid}: No address found for email admin\n";
}
$mail = $mail & 1;
}
if ($mail) {
if ($mmail->Send() && $verb) {
echo " {$pid}: Report sent by email\n";
}
} else {
echo " {$pid}: Cannot send report (" . $entity->getField('completename') . ") " . "invalid address\n";
}
}
}
return $results[AuthLDAP::USER_DELETED_LDAP] + $results[AuthLDAP::USER_SYNCHRONIZED];
}
return 0;
}
/**
* @since version 0.85
*
* @see CommonDBTM::processMassiveActionsForOneItemtype()
**/
static function processMassiveActionsForOneItemtype(MassiveAction $ma, CommonDBTM $item, array $ids)
{
global $CFG_GLPI;
$input = $ma->getInput();
switch ($ma->getAction()) {
case 'import_group':
$group = new Group();
if (!Session::haveRight("user", User::UPDATEAUTHENT) || !$group->canGlobal(UPDATE)) {
$ma->itemDone($item->getType(), $ids, MassiveAction::ACTION_NORIGHT);
$ma->addMessage($item->getErrorMessage(ERROR_RIGHT));
return;
}
foreach ($ids as $id) {
if (isset($input["dn"][$id])) {
$group_dn = $input["dn"][$id];
if (isset($input["ldap_import_entities"][$id])) {
$entity = $input["ldap_import_entities"][$id];
} else {
$entity = $_SESSION["glpiactive_entity"];
}
// Is recursive is in the main form and thus, don't pass through
// zero_on_empty mechanism inside massive action form ...
$is_recursive = empty($input['ldap_import_recursive'][$id]) ? 0 : 1;
$options = array('authldaps_id' => $_SESSION['ldap_server'], 'entities_id' => $entity, 'is_recursive' => $is_recursive, 'type' => $input['ldap_import_type'][$id]);
if (AuthLdap::ldapImportGroup($group_dn, $options)) {
$ma->itemDone($item->getType(), $id, MassiveAction::ACTION_OK);
} else {
$ma->itemDone($item->getType(), $id, MassiveAction::ACTION_KO);
$ma->addMessage($item->getErrorMessage(ERROR_ON_ACTION, $group_dn));
}
}
// Clean history as id does not correspond to group
$_SESSION['glpimassiveactionselected'] = array();
}
return;
case 'import':
case 'sync':
if (!Session::haveRight("user", User::IMPORTEXTAUTHUSERS)) {
$ma->itemDone($item->getType(), $ids, MassiveAction::ACTION_NORIGHT);
$ma->addMessage($item->getErrorMessage(ERROR_RIGHT));
return;
}
foreach ($ids as $id) {
if (AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $id), $_SESSION['ldap_import']['mode'], $_SESSION['ldap_import']['authldaps_id'], true)) {
$ma->itemDone($item->getType(), $id, MassiveAction::ACTION_OK);
} else {
$ma->itemDone($item->getType(), $id, MassiveAction::ACTION_KO);
$ma->addMessage($item->getErrorMessage(ERROR_ON_ACTION, $id));
}
}
return;
}
parent::processMassiveActionsForOneItemtype($ma, $item, $ids);
}
/**
* @since version 0.84
*
* @see CommonDBTM::doSpecificMassiveActions()
**/
function doSpecificMassiveActions($input = array())
{
global $CFG_GLPI;
$res = array('ok' => 0, 'ko' => 0, 'noright' => 0);
switch ($input['action']) {
case "import":
case "sync":
if (!Session::haveRight("import_externalauth_users", 'w')) {
$res['nbnoright']++;
} else {
if (isset($_GET['multiple_actions']) && isset($_SESSION["glpi_massiveaction"])) {
if ($count = count($input["item"])) {
$i = $input["ldap_process_count"] - $count + 1;
Html::createProgressBar();
Html::changeProgressBarPosition($i, $input["ldap_process_count"], sprintf(__('%1$s/%2$s'), $i, $input["ldap_process_count"]));
$key = key($input["item"]);
unset($input["item"][$key]);
if (AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $input["mode"], $input["authldaps_id"], true)) {
$input['res']['ok']++;
} else {
$input['res']['ko']++;
}
if (count($input["item"])) {
// more to do -> redirect
$_SESSION['glpi_massiveaction']['POST'] = $input;
Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1');
} else {
// Nothing to do redirect
Html::changeProgressBarPosition(100, 100, __('Successful importation'));
$res = $input['res'];
$_SESSION['ldap_import']['action'] = 'show';
}
}
} else {
if (count($input['item']) > 0) {
$input["ldap_process_count"] = 0;
$input["authldaps_id"] = $_SESSION['ldap_import']['authldaps_id'];
$input["mode"] = $_SESSION['ldap_import']['mode'];
$input['res'] = array('ok' => 0, 'ko' => 0, 'noright' => 0);
foreach ($input['item'] as $key => $val) {
if ($val) {
$input["ldap_process_count"]++;
}
}
$_SESSION['glpi_massiveaction']['POST'] = $input;
Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1');
} else {
$res['ko']++;
}
}
}
$res['REDIRECT'] = $CFG_GLPI['root_doc'] . "/front/ldap.import.php";
break;
case "import_group":
$group = new Group();
if (!Session::haveRight("user_authtype", 'w') || !$group->canGlobal('w')) {
$res['nbnoright']++;
} else {
if (isset($_GET['multiple_actions']) && isset($_SESSION["glpi_massiveaction"])) {
if ($count = count($input["item"])) {
$i = $input["ldap_process_count"] - $count + 1;
Html::createProgressBar();
Html::changeProgressBarPosition($i, $input["ldap_process_count"], sprintf(__('%1$s/%2$s'), $i, $input["ldap_process_count"]));
$key = key($input["item"]);
unset($input["item"][$key]);
if (isset($input["ldap_import_entities"][$key])) {
$entity = $input["ldap_import_entities"][$key];
} else {
$entity = $_SESSION["glpiactive_entity"];
}
if (AuthLdap::ldapImportGroup($key, array("authldaps_id" => $input["authldaps_id"], "entities_id" => $entity, "is_recursive" => $input["ldap_import_recursive"][$key], "type" => $input["ldap_import_type"][$key]))) {
$input['res']['ok']++;
} else {
$input['res']['ko']++;
}
if (count($input["item"])) {
// more to do -> redirect
$_SESSION['glpi_massiveaction']['POST'] = $input;
Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1');
} else {
// Nothing to do redirect
Html::changeProgressBarPosition(100, 100, __('Successful importation'));
$res = $input['res'];
$_SESSION['ldap_import']['action'] = 'show';
}
}
} else {
if (count($input['item']) > 0) {
$input["ldap_process_count"] = 0;
$input["authldaps_id"] = $_SESSION['ldap_server'];
$input['res'] = array('ok' => 0, 'ko' => 0, 'noright' => 0);
foreach ($input['item'] as $key => $val) {
if ($val) {
$input["ldap_process_count"]++;
$input["ldap_import_entities"][$key] = $input["ldap_import_entities"][$key];
$input["ldap_import_type"][$key] = $input["ldap_import_type"][$key];
$input["ldap_import_recursive"][$key] = $input["ldap_import_recursive"][$key];
}
}
$_SESSION['glpi_massiveaction']['POST'] = $input;
Html::redirect($CFG_GLPI['root_doc'] . '/front/massiveaction.php?multiple_actions=1');
} else {
$res['ko']++;
}
}
}
$res['REDIRECT'] = $CFG_GLPI['root_doc'] . "/front/ldap.group.import.php";
break;
default:
return parent::doSpecificMassiveActions($input);
}
return $res;
}
if ($_SESSION['ldap_import']['action'] == 'show') {
$_REQUEST['target'] = $_SERVER['PHP_SELF'];
$authldap = new AuthLDAP();
$authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']);
AuthLdap::showUserImportForm($authldap);
if (isset($_SESSION['ldap_import']['authldaps_id']) && $_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE && isset($_SESSION['ldap_import']['criterias']) && !empty($_SESSION['ldap_import']['criterias'])) {
echo "<br />";
AuthLdap::searchUser($authldap);
}
} else {
if (isset($_SESSION["ldap_process"])) {
if ($count = count($_SESSION["ldap_process"])) {
$percent = min(100, round(100 * ($_SESSION["ldap_process_count"] - $count) / $_SESSION["ldap_process_count"], 0));
displayProgressBar(400, $percent);
$key = array_pop($_SESSION["ldap_process"]);
AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $_SESSION['ldap_import']["mode"], $_SESSION['ldap_import']["authldaps_id"], true);
glpi_header($_SERVER['PHP_SELF']);
} else {
unset($_SESSION["ldap_process"]);
displayProgressBar(400, 100);
echo "<div class='center b'>" . $LANG['ocsng'][8] . "<br>";
echo "<a href='" . $_SERVER['PHP_SELF'] . "'>" . $LANG['buttons'][13] . "</a></div>";
unset($_SESSION["authldaps_id"]);
unset($_SESSION["mode"]);
unset($_SESSION["interface"]);
$_SESSION['ldap_import']['action'] = 'show';
refreshDropdownPopupInMainWindow();
}
} else {
if (count($_POST['toprocess']) > 0) {
$_SESSION["ldap_process_count"] = 0;
