/**
* @return array
*/
function getProjects()
{
global $wgAuth;
global $wgOpenStackManagerLDAPProjectBaseDN;
# All projects have a owner attribute, project
# roles do not
$projects = array();
$filter = "(&(objectclass=groupofnames)(member={$this->userDN}))";
$result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter);
if ($result) {
$entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
if ($entries) {
# First entry is always a count
array_shift($entries);
foreach ($entries as $entry) {
$projects[] = $entry['cn'][0];
}
}
} else {
$wgAuth->printDebug("No result found when searching for user's projects", NONSENSITIVE);
}
return $projects;
}
/**
* Deletes a domain based on the domain's short name. Will fail to
* delete the domain if any host entries still exist in the domain.
*
* @static
* @param $domainname
* @return bool
*/
static function deleteDomain( $domainname ) {
global $wgAuth;
OpenStackNovaLdapConnection::connect();
$domain = new OpenStackNovaDomain( $domainname );
if ( ! $domain ) {
$wgAuth->printDebug( "Domain $domainname does not exist", NONSENSITIVE );
return false;
}
$dn = $domain->domainDN;
# Domains can have records as sub entries. If sub-entries exist, fail.
$result = LdapAuthenticationPlugin::ldap_list( $wgAuth->ldapconn, $dn, 'objectclass=*' );
$hosts = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
if ( $hosts['count'] != "0" ) {
$wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
return false;
}
$success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
if ( $success ) {
$wgAuth->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE );
return true;
} else {
$wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
return false;
}
}
/**
* Deletes a project based on project name. This function will also delete all roles
* associated with the project.
*
* @param $projectname String
* @return bool
*/
static function deleteProject($projectname)
{
global $wgAuth;
OpenStackNovaLdapConnection::connect();
$project = new OpenStackNovaProject($projectname);
if (!$project) {
return false;
}
$dn = $project->projectDN;
# Projects can have roles as sub-entries, we need to delete them first
$result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
$roles = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
array_shift($roles);
foreach ($roles as $role) {
$roledn = $role['dn'];
$success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
if ($success) {
$wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
} else {
$wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
}
}
$success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
if ($success) {
$wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
return true;
} else {
$wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
return false;
}
}
/**
* Deletes a project based on project name. This function will also delete all roles
* associated with the project.
*
* @param $projectname String
* @return bool
*/
static function deleteProject($projectname)
{
global $wgAuth;
OpenStackNovaLdapConnection::connect();
$project = new OpenStackNovaProject($projectname);
if (!$project) {
return false;
}
$dn = $project->projectDN;
# Projects can have roles as sub-entries, we need to delete them first
$result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
$roles = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
array_shift($roles);
foreach ($roles as $role) {
$roledn = $role['dn'];
$success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
if ($success) {
$wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
} else {
$wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
}
}
# Projects can have a separate group entry. If so, delete it now.
if (OpenStackNovaProject::useProjectGroup()) {
OpenStackNovaProjectGroup::deleteProjectGroup($projectname);
}
# Projects have a sudo OU and sudoers entries below that OU, we must delete them first
$sudoers = OpenStackNovaSudoer::getAllSudoersByProject($project->getProjectName());
foreach ($sudoers as $sudoer) {
$success = OpenStackNovaSudoer::deleteSudoer($sudoer->getSudoerName(), $project->getProjectName());
if ($success) {
$wgAuth->printDebug("Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
} else {
$wgAuth->printDebug("Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
}
}
$success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $project->getSudoersDN());
if ($success) {
$wgAuth->printDebug("Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
} else {
$wgAuth->printDebug("Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
}
# And, we need to clean up service groups.
$servicegroups = $project->getServiceGroups();
foreach ($servicegroups as $group) {
$groupName = $group->groupName;
$success = OpenStackNovaServiceGroup::deleteServiceGroup($groupName, $project);
if ($success) {
$wgAuth->printDebug("Successfully deleted service group " . $groupName, NONSENSITIVE);
} else {
$wgAuth->printDebug("Failed to delete servie group " . $groupName, NONSENSITIVE);
}
}
$success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
if ($success) {
$wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
return true;
} else {
$wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
return false;
}
}
