예제 #1
0
파일: Person.php 프로젝트: ajaboa/crmpuan
 /**
  * Change the password of the ldap user account
  * @param $oldpass the current password to check
  * @param $newpass the new password
  * @retrun boolean true when password was changed
  */
 public function changePassword($oldpass, $newpass)
 {
     if (!empty($newpass) && isset($oldpass)) {
         if ($this->authenticate($oldpass)) {
             $mapping = self::getMapping();
             $query = $mapping['username'] . '=' . $this->username . ',' . \GO\Ldapauth\LdapauthModule::getPeopleDn($this->username);
             $this->_ldapConn->bind(GO::config()->ldap_user, GO::config()->ldap_pass);
             // become LDAP root
             return @ldap_modify($this->_ldapConn->getLink(), $query, array('userpassword' => $this->encodePassword($newpass)));
             $this->_ldapConn->bind($this->getDn(), $oldpass);
         }
     }
     return false;
 }
예제 #2
0
 /**
  * 
  * php groupofficecli.php -r=ldapauth/sync/users --delete=1 --max_delete_percentage=34 --dry=1
  * 
  * @param type $params
  * @throws Exception
  */
 protected function actionUsers($params)
 {
     $this->requireCli();
     \GO::session()->runAsRoot();
     $dryRun = !empty($params['dry']);
     if ($dryRun) {
         echo "Dry run enabled.\n\n";
     }
     $la = new \GO\Ldapauth\Authenticator();
     $ldapConn = \GO\Base\Ldap\Connection::getDefault();
     $result = $ldapConn->search(\GO\Ldapauth\LdapauthModule::getPeopleDn(), $la->getUserSearchQuery());
     //keep an array of users that exist in ldap. This array will be used later for deletes.
     //admin user is not in ldap but should not be removed.
     $usersInLDAP = array(1);
     $i = 0;
     while ($record = $result->fetch()) {
         $i++;
         try {
             if (!$dryRun) {
                 $user = $la->syncUserWithLdapRecord($record);
                 if (!$user) {
                     //could be expluded from LDAP.
                     //						echo "Failed syncing user. Enable and check debug log for more info.";
                     //						echo "Failed LDAP record: ".var_export($record->getAttributes(), true)."\n";
                     continue;
                 }
                 $username = $user->username;
             } else {
                 $attr = $la->getUserAttributes($record);
                 $username = $attr['username'];
                 $user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);
             }
             if (!$dryRun) {
                 $this->fireEvent("ldapsyncuser", array($user, $record));
             }
             echo "Synced " . $username . "\n";
         } catch (\Exception $e) {
             echo "ERROR:\n";
             echo (string) $e;
             echo "LDAP record:";
             var_dump($record->getAttributes());
         }
         if ($user) {
             $usersInLDAP[] = $user->id;
         }
         //			if($i==100)
         //				exit("Reached 100. Exitting");
     }
     $stmt = \GO\Base\Model\User::model()->find();
     $totalInGO = $stmt->rowCount();
     $totalInLDAP = count($usersInLDAP);
     echo "Users in Group-Office: " . $totalInGO . "\n";
     echo "Users in LDAP: " . $totalInLDAP . "\n";
     if (!empty($params['delete'])) {
         $percentageToDelete = round((1 - $totalInLDAP / $totalInGO) * 100);
         $maxDeletePercentage = isset($params['max_delete_percentage']) ? intval($params['max_delete_percentage']) : 5;
         if ($percentageToDelete > $maxDeletePercentage) {
             die("Delete Aborted because script was about to delete more then {$maxDeletePercentage}% of the users (" . $percentageToDelete . "%, " . ($totalInGO - $totalInLDAP) . " users)\n");
         }
         while ($user = $stmt->fetch()) {
             if (!in_array($user->id, $usersInLDAP)) {
                 echo "Deleting " . $user->username . "\n";
                 if (!$dryRun) {
                     $user->delete();
                 }
             }
         }
     }
     echo "Done\n\n";
     //var_dump($attr);
 }