/**
 * Constructor.
 *
 * Loads the instance through the parent constructor, then fills the LDAP
 * group-synchronisation settings from $CFG, falling back to built-in
 * defaults whenever a setting is empty.
 *
 * @param $instanceid id handed to the parent constructor
 */
public function __construct($instanceid) {
    global $CFG;

    // Fetch all instance data first; the settings below are layered on top.
    parent::__construct($instanceid);

    // TODO these belong in a settings screen; for now they are read from config.php.
    $groupattribute = 'cn';
    if (!empty($CFG->ldap_group_attribute)) {
        $groupattribute = $CFG->ldap_group_attribute;
    }
    $this->config['group_attribute'] = $groupattribute;

    $groupclass = 'groupOfUniqueNames';
    if (!empty($CFG->ldap_group_class)) {
        $groupclass = $CFG->ldap_group_class;
    }
    $this->config['group_class'] = strtolower($groupclass);

    // The PHP LDAP layer returns member attribute names as lowercase array
    // keys, so the configured name is lowercased to match.
    $memberattribute = 'uniquemember';
    if (!empty($CFG->ldap_member_attribute)) {
        $memberattribute = $CFG->ldap_member_attribute;
    }
    $this->config['memberattribute'] = strtolower($memberattribute);

    // NOTE(review): !empty() treats 0/false as "not set", so this flag cannot
    // be switched off from config.php; confirm that is intended.
    $memberisdn = 1;
    if (!empty($CFG->ldap_member_attribute_isdn)) {
        $memberisdn = $CFG->ldap_member_attribute_isdn;
    }
    $this->config['memberattribute_isdn'] = $memberisdn;

    // Newer setting: nested group processing is off unless enabled.
    $nested = false;
    if (!empty($CFG->ldap_process_nested_groups)) {
        $nested = $CFG->ldap_process_nested_groups;
    }
    $this->config['process_nested_groups'] = $nested;

    // Cache of the group DNs already found, used for nested groups processing.
    $this->config['groups_dn_cache'] = array();
    $this->anti_recursion_array = array();

    // Restricted list of values used when synchronising groups from an LDAP attribute.
    $this->config['group_synching_ldap_attribute_values'] =
        !empty($CFG->group_synching_ldap_attribute_values)
            ? explode(',', $CFG->group_synching_ldap_attribute_values)
            : array();
}
/**
 * Print the LDAP link settings of a group into the PDF.
 *
 * Nothing is printed unless the current user holds the "config" read right
 * and AuthLdap::useAuthLdap() reports LDAP authentication in use.
 *
 * @param $pdf  PluginPdfSimplePDF object receiving the output
 * @param $item Group object whose LDAP fields are printed
**/
static function pdfLdapForm(PluginPdfSimplePDF $pdf, Group $item) {
    if (!Session::haveRight("config", "r") || !AuthLdap::useAuthLdap()) {
        return;
    }

    $pdf->setColumnsSize(100);
    $pdf->displayTitle(__('LDAP directory link'));

    // Translated label => group field shown next to it.
    $rows = array(
        array(__('User attribute containing its groups'), 'ldap_field'),
        array(__('Attribute value'), 'ldap_value'),
        array(__('Group DN'), 'ldap_group_dn'),
    );

    // NOTE(review): the field values are concatenated next to literal <b>
    // markup; if displayText() interprets HTML, a value holding markup is
    // interpreted as well. Confirm how displayText() treats its input.
    foreach ($rows as $row) {
        $label = $row[0] . '</b>';
        $pdf->displayText('<b>' . sprintf(__('%1$s: %2$s'), $label, $item->getField($row[1])));
    }

    $pdf->displaySpace();
}
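/**
 * Build the LDAP search filter used when listing directory users.
 *
 * In the simple interface every non-empty criterion stored in
 * $_SESSION['ldap_import']['criterias'] becomes one "(attribute=*value*)"
 * clause; a leading '^' or a trailing '$' in the value anchors the match on
 * that side instead of adding a wildcard. Otherwise the filter matches every
 * entry that has the login attribute. Date restrictions, the session's
 * entity filter and the directory's configured condition are then combined
 * under a single AND.
 *
 * The criterion values are read from the session (presumably filled from the
 * import form; confirm against the caller), so LDAP filter metacharacters in
 * them are escaped as RFC 4515 requires before they are concatenated.
 *
 * @param $authldap AuthLDAP object
 *
 * @return string LDAP filter
**/
private static function buildLdapFilter(AuthLdap $authldap) {
    // RFC 4515 escapes for the characters that carry meaning inside a filter.
    // strtr() with an array never rescans its own output, so the backslashes
    // it inserts are not escaped a second time.
    $filter_escapes = array(
        '\\'   => '\5c',
        '*'    => '\2a',
        '('    => '\28',
        ')'    => '\29',
        "\x00" => '\00',
    );

    //Build search filter
    $filter = '';

    if (!empty($_SESSION['ldap_import']['criterias'])
        && $_SESSION['ldap_import']['interface'] == self::SIMPLE_INTERFACE) {

        foreach ($_SESSION['ldap_import']['criterias'] as $criteria => $value) {
            if ($value != '') {
                $begin = 0;
                $end = 0;
                if (($length = strlen($value)) > 0) {
                    if ($value[0] == '^') {
                        $begin = 1;
                    }
                    if ($value[$length - 1] == '$') {
                        $end = 1;
                    }
                }
                if ($begin || $end) {
                    // no Toolbox::substr, to be consistent with strlen result
                    $value = substr($value, $begin, $length - $end - $begin);
                }

                // Escape after the anchors are stripped: the only wildcards
                // in the clause are the ones added here, so the value cannot
                // close the clause or inject further filter terms.
                $filter .= '(' . $authldap->fields[$criteria] . '='
                         . ($begin ? '' : '*')
                         . strtr((string) $value, $filter_escapes)
                         . ($end ? '' : '*') . ')';
            }
        }
    } else {
        $filter = "(" . $authldap->getField("login_field") . "=*)";
    }

    //If time restriction
    $begin_date = !empty($_SESSION['ldap_import']['begin_date'])
        ? $_SESSION['ldap_import']['begin_date']
        : null;
    $end_date = !empty($_SESSION['ldap_import']['end_date'])
        ? $_SESSION['ldap_import']['end_date']
        : null;
    $filter .= self::addTimestampRestrictions($begin_date, $end_date);

    $ldap_condition = $authldap->getField('condition');

    //Add entity filter and filter filled in directory's configuration form
    // NOTE(review): the entity filter is inserted as a ready-made filter
    // fragment and is not escaped here; confirm it only ever comes from
    // configuration and not from request data.
    return "(&" . (isset($_SESSION['ldap_import']['entity_filter'])
                      ? $_SESSION['ldap_import']['entity_filter']
                      : '')
         . " {$filter} {$ldap_condition})";
}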
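/**
 * Is an external authentication used ?
 *
 * Checks, in order: LDAP directories, mail servers, the x509 e-mail field,
 * the SSO variable and the CAS host.
 *
 * @return boolean
**/
static function useAuthExt() {
    // Without this declaration $CFG_GLPI is an undefined local and the three
    // configuration checks below can never succeed.
    global $CFG_GLPI;

    //Get all the ldap directories
    if (AuthLdap::useAuthLdap()) {
        return true;
    }

    if (AuthMail::useAuthMail()) {
        return true;
    }

    if (!empty($CFG_GLPI["x509_email_field"])) {
        return true;
    }

    // Existing auth method
    if (!empty($CFG_GLPI["ssovariables_id"])) {
        return true;
    }

    // Using CAS server
    if (!empty($CFG_GLPI["cas_host"])) {
        return true;
    }

    return false;
}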
/**
 * Tell whether an LDAP directory can be used for an entity: either the
 * entity record carries a positive authldaps_id, or a default directory
 * exists.
 *
 * @since version 0.84 (before in entitydata.class)
 *
 * @param $entities_id id of the entity to look up
 *
 * @return boolean
**/
static function isEntityDirectoryConfigured($entities_id) {
    $entity = new self();

    $has_own_directory = $entity->getFromDB($entities_id)
                         && ($entity->getField('authldaps_id') > 0);
    if ($has_own_directory) {
        return true;
    }

    // Otherwise fall back on a directory marked as default, if there is one.
    return AuthLdap::getDefault() ? true : false;
}
/**
 * Print the form used to edit the LDAP link settings of a group.
 *
 * The three LDAP fields are only printed when the user may update groups,
 * holds the User::UPDATEAUTHENT right and LDAP authentication is in use;
 * the form buttons are printed in every case.
 *
 * @param $ID id of the group
**/
function showLDAPForm($ID) {
    $options = array();
    $this->initForm($ID, $options);

    // NOTE(review): getFormURL() is written into a quoted attribute without
    // HTML encoding; confirm it can never carry request-controlled text.
    echo "<form name='groupldap_form' id='groupldap_form' method='post' action='" .
           $this->getFormURL() . "'>";
    echo "<div class='spaced'><table class='tab_cadre_fixe'>";

    $can_edit_ldap = Group::canUpdate()
                     && Session::haveRight("user", User::UPDATEAUTHENT)
                     && AuthLdap::useAuthLdap();

    if ($can_edit_ldap) {
        // Section title => list of (label, field name) rows.
        $sections = array(
            array(__('In users'), array(
                array(__('Attribute of the user containing its groups'), "ldap_field"),
                array(__('Attribute value'), "ldap_value"),
            )),
            array(__('In groups'), array(
                array(__('Group DN'), "ldap_group_dn"),
            )),
        );

        foreach ($sections as $section) {
            echo "<tr class='tab_bg_1'><th colspan='2' class='center'>" . $section[0] . "</th></tr>";
            foreach ($section[1] as $row) {
                echo "<tr class='tab_bg_1'><td>" . $row[0] . "</td><td>";
                Html::autocompletionTextField($this, $row[1]);
                echo "</td></tr>";
            }
        }
    }

    $options = array('colspan' => 1, 'candel' => false);
    $this->showFormButtons($options);
}
} if (!isset($_SESSION["ldap_server"])) { if (isset($_POST["ldap_server"])) { $_SESSION["ldap_server"] = $_POST["ldap_server"]; } else { Html::redirect($CFG_GLPI["root_doc"] . "/front/ldap.php"); } } if (!AuthLdap::testLDAPConnection($_SESSION["ldap_server"])) { unset($_SESSION["ldap_server"]); echo "<div class='center b'>" . __('Unable to connect to the LDAP directory') . "<br>"; echo "<a href='" . $_SERVER['PHP_SELF'] . "?next=listservers'>" . __('Back') . "</a></div>"; } else { if (!isset($_SESSION["ldap_group_filter"])) { $_SESSION["ldap_group_filter"] = ''; } if (!isset($_SESSION["ldap_group_filter2"])) { $_SESSION["ldap_group_filter2"] = ''; } if (isset($_GET["order"])) { $_SESSION["ldap_sortorder"] = $_GET["order"]; } if (!isset($_SESSION["ldap_sortorder"])) { $_SESSION["ldap_sortorder"] = "ASC"; } AuthLdap::displayLdapFilter($_SERVER['PHP_SELF'], false); AuthLdap::showLdapGroups($_SERVER['PHP_SELF'], $_GET['start'], 0, $_SESSION["ldap_group_filter"], $_SESSION["ldap_group_filter2"], $_SESSION["glpiactive_entity"], $_SESSION["ldap_sortorder"]); } } } Html::footer();
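/**
 * Search every configured directory for users matching $query.
 *
 * The plugin settings hold one entry per directory: base DNs and bind DNs
 * are newline separated, servers are whitespace separated, short domains
 * and bind passwords are separated by ';' or ','. Entries are matched by
 * position. Directories that cannot be reached are skipped.
 *
 * NOTE(review): because bind passwords are split on ';' and ',', a password
 * containing either character is cut and shifts the following entries;
 * confirm the setting's documentation warns about it.
 *
 * @param $query search text handed to AuthLdap::getUsers()
 *
 * @return array users of all reachable directories, re-keyed to
 *               username/first/last/full/email/phone/dn
 */
function search($query) {
    $combined_userlist = array();
    // Connection failures are collected here but never returned or logged.
    $conninfo = array();

    // The settings do not change between directories: parse them once.
    $config       = $this->getConfig();
    $base_dns     = preg_split('/\\n/', $config->get('basedn'));
    $servers      = preg_split('/\\s+/', $config->get('servers'));
    $shortdomains = preg_split('/;|,/', $config->get('shortdomain'));
    $bind_dns     = preg_split('/\\n/', $config->get('bind_dn'));
    $bind_pws     = preg_split('/;|,/', $config->get('bind_pw'));

    $ldapinfo = array();
    foreach ($base_dns as $i => $dn) {
        // A list shorter than the base DN list yields an empty value
        // instead of an undefined-offset notice.
        $ldapinfo[] = array(
            'dn'      => trim($dn),
            'sd'      => isset($shortdomains[$i]) ? trim($shortdomains[$i]) : '',
            'servers' => isset($servers[$i]) ? trim($servers[$i]) : '',
            'bind_dn' => isset($bind_dns[$i]) ? trim($bind_dns[$i]) : '',
            'bind_pw' => isset($bind_pws[$i]) ? trim($bind_pws[$i]) : '',
        );
    }

    $wanted = array('sAMAccountName', 'sn', 'givenName', 'displayName', 'mail',
                    'telephoneNumber', 'distinguishedName');
    // NOTE(review): {q} is presumably replaced by getUsers(); confirm it
    // escapes LDAP filter metacharacters in $query before substitution.
    // NOTE(review): firstName and lastName are not standard Active Directory
    // attribute names (givenName and sn are); confirm these clauses match.
    $filter = "(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))";

    foreach ($ldapinfo as $data) {
        $ldap = new AuthLdap();
        $ldap->serverType = 'ActiveDirectory';
        $ldap->server = preg_split('/;|,/', $data['servers']);
        $ldap->dn = $data['dn'];
        $ldap->searchUser = $data['bind_dn'];
        $ldap->searchPassword = $data['bind_pw'];

        if (!$ldap->connect()) {
            $conninfo[] = array(false, $data['sd'] . " error: " . $ldap->ldapErrorCode . " - " . $ldap->ldapErrorText);
            continue;
        }

        if ($userlist = $ldap->getUsers($query, $wanted, $filter)) {
            $temp_userlist = $this->multi_re_key(
                $userlist,
                array('sAMAccountName', 'givenName', 'sn', 'displayName', 'mail', 'telephoneNumber', 'distinguishedName'),
                array('username', 'first', 'last', 'full', 'email', 'phone', 'dn')
            );
            $combined_userlist = array_merge($combined_userlist, $temp_userlist);
        }
    }

    return $combined_userlist;
}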
/**
 * Synchronize the already imported LDAP users of one entity and optionally
 * mail a report of the changes.
 *
 * @param $pid    identifier printed in front of every output line
 * @param $data   entity row; 'id' and 'authldaps_id' are read
 * @param $server LDAP server id, replaced by the entity's authldaps_id when that is > 0
 * @param $prof   profile id; when > 0 only users holding this profile are processed
 * @param $verb   when true, progress messages are printed
 * @param $mail   bit mask: 1 = mail the entity administrator, 2 = mail the GLPI administrator
 *
 * @return integer number of users synchronized plus users deleted from LDAP,
 *                 0 when the DB connection or the entity cannot be obtained
**/
function syncEntity($pid, $data, $server, $prof, $verb, $mail) {
    global $DB, $LANG, $CFG_GLPI;

    // Re-establish DB connexion - mandatory in each forked process
    if (!DBConnection::switchToMaster()) {
        echo " {$pid}: lost DB connection\n";
        return 0;
    }

    // Server from entity (if not given from option)
    if ($data['authldaps_id'] > 0) {
        $server = $data['authldaps_id'];
    }

    $entity = new Entity();
    if ($entity->getFromDB($id = $data['id'])) {
        $tps = microtime(true);
        if ($verb) {
            echo " {$pid}: Synchonizing entity '" . $entity->getField('completename') . "' ({$id}, mail={$mail})\n";
        }

        // NOTE(review): $id, $prof and $server are interpolated into the SQL
        // text as they arrive, without an integer cast in this function;
        // confirm every caller passes numeric values only.
        $sql = "SELECT DISTINCT glpi_users.*\n FROM glpi_users\n INNER JOIN glpi_profiles_users\n ON (glpi_profiles_users.users_id = glpi_users.id\n AND glpi_profiles_users.entities_id = {$id}";
        if ($prof > 0) {
            $sql .= " AND glpi_profiles_users.profiles_id = {$prof}";
        }
        $sql .= ")\n WHERE glpi_users.authtype = " . Auth::LDAP;
        if ($server > 0) {
            $sql .= " AND glpi_users.auths_id = {$server}";
        }

        // id => login of every user the directory returned a result for
        $users = array();
        // counters indexed by the action code returned by the import
        $results = array(AuthLDAP::USER_IMPORTED => 0, AuthLDAP::USER_SYNCHRONIZED => 0, AuthLDAP::USER_DELETED_LDAP => 0);
        $req = $DB->request($sql);
        $i = 0;
        $nb = $req->numrows();
        foreach ($req as $row) {
            $i++;
            $result = AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $row['name']), AuthLDAP::ACTION_SYNCHRONIZE, $row['auths_id']);
            if ($result) {
                $results[$result['action']] += 1;
                $users[$row['id']] = $row['name'];
                if ($result['action'] == AuthLDAP::USER_SYNCHRONIZED) {
                    if ($verb) {
                        echo " {$pid}: User '" . $row['name'] . "' synchronized ({$i}/{$nb})\n";
                    }
                } else {
                    // Every action other than USER_SYNCHRONIZED is reported as a deletion.
                    if ($verb) {
                        echo " {$pid}: User '" . $row['name'] . "' deleted\n";
                    }
                }
            } else {
                if ($verb) {
                    echo " {$pid}: Problem with LDAP for user '" . $row['name'] . 
"'\n";
                }
            }
        }

        $tps = microtime(true) - $tps;
        printf(" %d: Entity '%s' - Synchronized: %d, Deleted from LDAP: %d, Time: %.2f\"\n", $pid, $entity->getField('completename'), $results[AuthLDAP::USER_SYNCHRONIZED], $results[AuthLDAP::USER_DELETED_LDAP], $tps);

        if ($mail) {
            $report = '';
            $user = new User();
            // $id is reused as the loop key from here on; the entity id is
            // read back through $entity->getField('id') below.
            foreach ($users as $id => $name) {
                if ($user->getFromDB($id)) {
                    // Only history lines stamped with this run's timestamp are reported.
                    $logs = Log::getHistoryData($user, 0, $_SESSION['glpilist_limit'], "`date_mod`='" . $_SESSION['glpi_currenttime'] . "'");
                    if (count($logs)) {
                        $report .= "\n{$name} (" . $user->getName() . ")\n";
                        foreach ($logs as $log) {
                            $report .= "\t";
                            if ($log['field']) {
                                $report .= $log['field'] . ": ";
                            }
                            $report .= Html::clean($log['change']) . "\n";
                        }
                    }
                } else {
                    $report .= "\n" . $name . "\n\t deleted\n";
                }
            }

            if ($report) {
                $report = "Synchronization of already imported users\n " . "Entité: " . $entity->getField('completename') . "\n " . "Date: " . Html::convDateTime($_SESSION['glpi_currenttime']) . "\n " . $report;
                $entdata = new Entity();
                $mmail = new NotificationMail();
                $mmail->AddCustomHeader("Auto-Submitted: auto-generated");
                $mmail->From = $CFG_GLPI["admin_email"];
                $mmail->FromName = "GLPI";
                $mmail->Subject = "[GLPI] LDAP directory link";
                $mmail->Body = $report . "\n--\n" . $CFG_GLPI["mailing_signature"];

                // Bit 1: entity administrator. The bit is cleared when no address is found.
                if ($mail & 1 && $entdata->getFromDB($entity->getField('id')) && $entdata->fields['admin_email']) {
                    $mmail->AddAddress($entdata->fields['admin_email']);
                } else {
                    if ($mail & 1 && $verb) {
                        echo " {$pid}: No address found for email entity\n";
                    }
                    $mail = $mail & 2;
                }

                // Bit 2: GLPI administrator. The bit is cleared when no address is found.
                if ($mail & 2 && $CFG_GLPI['admin_email']) {
                    $mmail->AddAddress($CFG_GLPI['admin_email']);
                } else {
                    if ($mail & 2 && $verb) {
                        echo " {$pid}: No address found for email admin\n";
                    }
                    $mail = $mail & 1;
                }

                // $mail is non-zero only if at least one recipient was added.
                if ($mail) {
                    if ($mmail->Send() && $verb) {
                        echo " {$pid}: Report sent by email\n";
                    }
                } else {
                    echo " {$pid}: Cannot send report (" . $entity->getField('completename') . ") " . 
"invalid address\n";
                }
            }
        }
        return $results[AuthLDAP::USER_DELETED_LDAP] + $results[AuthLDAP::USER_SYNCHRONIZED];
    }
    return 0;
}
<?php
// Prints the default user search filter of the LDAP directory whose id is
// posted in 'value': "(& (<login_field>=*) <condition>)".
include '../../../inc/includes.php';

// Only users allowed to write the configuration may read directory settings.
Session::checkRight("config", "w");

$authldap = new AuthLdap();
// NOTE(review): the result of getFromDB() is not checked, so an unknown id
// still produces output; confirm what getField() returns in that case.
$authldap->getFromDB($_POST['value']);

// NOTE(review): the filter is echoed without HTML encoding; confirm how the
// calling page inserts this response before treating it as safe markup.
echo "(& " . "(" . $authldap->getField("login_field") . "=*)" . " " . $authldap->getField('condition') . ")";
foreach ($_POST["item"] as $key => $val) { if ($val == 1) { $ids[] = $key; } } $softdictionnayrule->replayRulesOnExistingDB(0, 0, $ids); break; case "force_user_ldap_update": checkRight("user", "w"); $user = new User(); $ids = array(); foreach ($_POST["item"] as $key => $val) { if ($val == 1) { $user->getFromDB($key); if ($user->fields["authtype"] == Auth::LDAP || $user->fields["authtype"] == Auth::EXTERNAL) { AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $user->fields["name"]), 1, $user->fields["auths_id"]); } } } break; case "add_transfer_list": if (!isset($_SESSION['glpitransfer_list'])) { $_SESSION['glpitransfer_list'] = array(); } if (!isset($_SESSION['glpitransfer_list'][$_POST["itemtype"]])) { $_SESSION['glpitransfer_list'][$_POST["itemtype"]] = array(); } foreach ($_POST["item"] as $key => $val) { if ($val == 1) { $_SESSION['glpitransfer_list'][$_POST["itemtype"]][$key] = $key; }
GLPI is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GLPI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GLPI. If not, see <http://www.gnu.org/licenses/>. -------------------------------------------------------------------------- */

/** @file
 * @brief Entry page of the LDAP directory link: offers the choice between
 *        synchronizing already imported users and importing new ones.
 */

include '../inc/includes.php';

// The page is reserved to users allowed to import external users.
Session::checkRight("user", User::IMPORTEXTAUTHUSERS);

Html::header(__('LDAP directory link'), $_SERVER['PHP_SELF'], "admin", "user", "ldap");

// Start from a clean state: forget the sort order and reset the import values.
unset($_SESSION["ldap_sortorder"]);
AuthLdap::manageValuesInSession(array(), true);

echo "<div class='center'><table class='tab_cadre'>"
   . "<tr><th>" . __('Bulk import users from a LDAP directory') . "</th></tr>"
   . "<tr class='tab_bg_1'><td class='center b'>"
   . "<a href='ldap.import.php?mode=1&action=show'>" . __('Synchronizing already imported users') . "</a></td></tr>"
   . "<tr class='tab_bg_1'><td class='center b'>"
   . "<a href='ldap.import.php?mode=0&action=show'>" . __('Import new users') . "</a></td> </tr>"
   . "</table></div>";

Html::footer();
/**
 * Tell whether an LDAP directory can be used for an entity: either the
 * entity data record has an authldaps_id different from NOT_AVAILABLE, or a
 * default directory exists.
 *
 * @param $entities_id id of the entity to look up
 *
 * @return boolean
**/
static function isEntityDirectoryConfigured($entities_id) {
    $entitydatas = new EntityData();

    $has_own_directory = $entitydatas->getFromDB($entities_id)
                         && ($entitydatas->getField('authldaps_id') != NOT_AVAILABLE);
    if ($has_own_directory) {
        return true;
    }

    // Otherwise fall back on a directory marked as default, if there is one.
    return AuthLdap::getDefault() ? true : false;
}
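/**
 * Print the form holding the LDAP link settings of a group.
 *
 * The LDAP fields are only printed when the user holds the "config" read
 * right and LDAP authentication is in use.
 *
 * @param $target URL the form is posted to
 * @param $ID     id of the group; a value <= 0 means a new group
 *
 * @return false when the user lacks the "group" read right, nothing otherwise
**/
function showLDAPForm($target, $ID) {
    global $LANG;

    if (!haveRight("group", "r")) {
        return false;
    }

    if ($ID > 0) {
        $this->check($ID, 'r');
    } else {
        // Create item
        $this->check(-1, 'w');
    }

    // $target lands inside a single-quoted attribute. Callers commonly pass
    // the request path, so it is encoded to keep a quote or angle bracket in
    // it from closing the attribute.
    $action = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');

    echo "<form name='groupldap_form' id='groupldap_form' method='post' action='{$action}'>";
    echo "<div class='spaced'><table class='tab_cadre_fixe'>";

    if (haveRight("config", "r") && AuthLdap::useAuthLdap()) {
        echo "<tr class='tab_bg_1'>";
        echo "<td colspan='2' class='center'>" . $LANG['setup'][256] . " : </td></tr>";

        echo "<tr class='tab_bg_1'>";
        echo "<td>" . $LANG['setup'][260] . " : </td>";
        echo "<td>";
        autocompletionTextField($this, "ldap_field");
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'>";
        echo "<td>" . $LANG['setup'][601] . " : </td>";
        echo "<td>";
        autocompletionTextField($this, "ldap_value");
        echo "</td></tr>";

        echo "<tr class='tab_bg_1'>";
        echo "<td colspan='2' class='center'>" . $LANG['setup'][257] . " : </td>";
        echo "</tr>";

        echo "<tr class='tab_bg_1'>";
        echo "<td>" . $LANG['setup'][261] . " : </td>";
        echo "<td>";
        autocompletionTextField($this, "ldap_group_dn");
        echo "</td></tr>";
    }

    $options = array('colspan' => 1, 'candel' => false);
    $this->showFormButtons($options);

    echo "</table></div></form>";
}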
} echo "\n"; } } else { echo "No OCS server\n"; } } // Check Auth connections $auth = new Auth(); $auth->getAuthMethods(); $ldap_methods = $auth->authtypes["ldap"]; if (count($ldap_methods)) { echo "Check LDAP servers:"; foreach ($ldap_methods as $method) { echo " " . $method['name']; if (AuthLdap::tryToConnectToServer($method, $method["rootdn"], decrypt($method["rootdn_passwd"], GLPIKEY))) { echo "_OK"; } else { echo "_PROBLEM"; $ok = false; } echo "\n"; } } else { echo "No LDAP server\n"; } // TODO Check mail server : cannot open a mail connexion / only ping server ? // TODO check CAS url / check url using socket ? } echo "\n"; if ($ok) {
This file is part of GLPI. GLPI is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GLPI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GLPI. If not, see <http://www.gnu.org/licenses/>. -------------------------------------------------------------------------- */

/** @file
 * @brief Prints the LDAP date restriction form, either as a page requested
 *        directly or as a file included by another script.
 */

// When the request targets this file itself, load the framework and send
// the headers of a non-cached HTML response.
// NOTE(review): the strpos() result is tested for truthiness, so a match at
// offset 0 counts as no match; PHP_SELF presumably always starts with '/'.
if (strpos($_SERVER['PHP_SELF'], "ldapdaterestriction.php") != false) {
    include '../inc/includes.php';
    header("Content-Type: text/html; charset=UTF-8");
    Html::header_nocache();
}

// Reached without the framework loaded: refuse to run.
if (!defined('GLPI_ROOT')) {
    exit("Can not acces directly to this file");
}

// NOTE(review): only a logged-in session is required here, no specific
// right; confirm the form exposes nothing beyond what any user may see.
Session::checkLoginUser();

AuthLdap::showDateRestrictionForm($_POST);
if (isset($_POST["change_auth_method"])) { Session::checkRight('user', User::UPDATEAUTHENT); if (isset($_POST["auths_id"])) { User::changeAuthMethod(array($_POST["id"]), $_POST["authtype"], $_POST["auths_id"]); } Html::back(); } else { if (isset($_GET["ext_auth"])) { Html::header(User::getTypeName(Session::getPluralNumber()), '', "admin", "user"); User::showAddExtAuthForm(); Html::footer(); } else { if (isset($_POST['add_ext_auth_ldap'])) { Session::checkRight("user", User::IMPORTEXTAUTHUSERS); if (isset($_POST['login']) && !empty($_POST['login'])) { AuthLdap::importUserFromServers(array('name' => $_POST['login'])); } Html::back(); } else { if (isset($_POST['add_ext_auth_simple'])) { if (isset($_POST['login']) && !empty($_POST['login'])) { Session::checkRight("user", User::IMPORTEXTAUTHUSERS); $input = array('name' => $_POST['login'], '_extauth' => 1, 'add' => 1); $user->check(-1, CREATE, $input); $newID = $user->add($input); Event::log($newID, "users", 4, "setup", sprintf(__('%1$s adds the item %2$s'), $_SESSION["glpiname"], $_POST["login"])); } Html::back(); } else { Session::checkRight("user", READ); Html::header(User::getTypeName(Session::getPluralNumber()), '', "admin", "user");
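/**
 * This method return GLPI status (same as status.php)
 *
 * Checks the slave databases, the main database, the session directory and
 * every active LDAP directory, and reports each result under its own key.
 * The 'glpi' key is "ok" only when every check passed.
 *
 * NOTE(review): the response names every active LDAP directory and whether
 * it is reachable; confirm the web-service layer restricts who may call
 * this method.
 *
 * @param $params array of option : ignored (except 'help')
 * @param $protocol the communication protocol used
 *
 * @return an response ready to be encode
**/
static function methodStatus($params, $protocol) {
    global $DB;

    if (isset($params['help'])) {
        return array('help' => 'bool,optional');
    }

    $resp = array();
    $ok_master = true;
    $ok_slave = true;
    $ok = true;

    // Check slave server connection
    if (DBConnection::isDBSlaveActive()) {
        $DBslave = DBConnection::getDBSlaveConf();
        $hosts = is_array($DBslave->dbhost) ? $DBslave->dbhost : array($DBslave->dbhost);

        foreach ($hosts as $num => $name) {
            $diff = DBConnection::getReplicateDelay($num);
            if ($diff > 1000000000) {
                $resp['slavedb_' . $num] = "offline";
                $ok_slave = false;
            } else if ($diff) {
                // The delay itself is reported; above one hour it is an error.
                $resp['slavedb_' . $num] = $diff;
                if ($diff > HOUR_TIMESTAMP) {
                    $ok_slave = false;
                }
            } else {
                $resp['slavedb_' . $num] = "ok";
            }
        }
    } else {
        $resp['slavedb'] = "not configured";
    }

    // Check main server connection
    if (DBConnection::establishDBConnection(false, true, false)) {
        $resp['maindb'] = "ok";
    } else {
        // Report the failure under the main database key: writing it to
        // 'slavedb' left 'maindb' unset and overwrote the slave status.
        $resp['maindb'] = "offline";
        $ok_master = false;
    }

    // Slave and master ok;
    $ok = $ok_slave && $ok_master;

    // Check session dir (usefull when NFS mounted))
    if (is_dir(GLPI_SESSION_DIR) && is_writable(GLPI_SESSION_DIR)) {
        $resp['sessiondir'] = "ok";
    } else {
        $resp['sessiondir'] = "not writable";
        $ok = false;
    }

    // Reestablished DB connection
    if (($ok_master || $ok_slave)
        && DBConnection::establishDBConnection(false, false, false)) {

        // Check Auth connections
        $auth = new Auth();
        $auth->getAuthMethods();
        $ldap_methods = $auth->authtypes["ldap"];

        if (count($ldap_methods)) {
            foreach ($ldap_methods as $method) {
                if ($method['is_active']) {
                    // The stored bind password is decrypted only to attempt
                    // the bind; it is never placed in the response.
                    if (AuthLdap::tryToConnectToServer($method, $method["rootdn"],
                                                       Toolbox::decrypt($method["rootdn_passwd"], GLPIKEY))) {
                        $resp['LDAP_' . $method['name']] = "ok";
                    } else {
                        $resp['LDAP_' . $method['name']] = "offline";
                        $ok = false;
                    }
                }
            }
        }
    }

    $resp['glpi'] = $ok ? "ok" : "error";

    return $resp;
}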
if ($_SESSION['ldap_import']['action'] == 'show') { $_REQUEST['target'] = $_SERVER['PHP_SELF']; $authldap = new AuthLDAP(); $authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']); AuthLdap::showUserImportForm($authldap); if (isset($_SESSION['ldap_import']['authldaps_id']) && $_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE && isset($_SESSION['ldap_import']['criterias']) && !empty($_SESSION['ldap_import']['criterias'])) { echo "<br />"; AuthLdap::searchUser($authldap); } } else { if (isset($_SESSION["ldap_process"])) { if ($count = count($_SESSION["ldap_process"])) { $percent = min(100, round(100 * ($_SESSION["ldap_process_count"] - $count) / $_SESSION["ldap_process_count"], 0)); displayProgressBar(400, $percent); $key = array_pop($_SESSION["ldap_process"]); AuthLdap::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $key), $_SESSION['ldap_import']["mode"], $_SESSION['ldap_import']["authldaps_id"], true); glpi_header($_SERVER['PHP_SELF']); } else { unset($_SESSION["ldap_process"]); displayProgressBar(400, 100); echo "<div class='center b'>" . $LANG['ocsng'][8] . "<br>"; echo "<a href='" . $_SERVER['PHP_SELF'] . "'>" . $LANG['buttons'][13] . "</a></div>"; unset($_SESSION["authldaps_id"]); unset($_SESSION["mode"]); unset($_SESSION["interface"]); $_SESSION['ldap_import']['action'] = 'show'; refreshDropdownPopupInMainWindow(); } } else { if (count($_POST['toprocess']) > 0) { $_SESSION["ldap_process_count"] = 0;
/**
 * Function to import or synchronise all the users from an ldap directory
 *
 * Reads 'action' and 'ldapservers_id' from $options, processes every user
 * returned by AuthLdap::getAllUsers() for each action to run, prints one
 * dot per user and finally a summary of the counters.
 *
 * @param $options array
**/
function import(array $options) {
    global $CFG_GLPI;

    $results = array(AuthLDAP::USER_IMPORTED     => 0,
                     AuthLDAP::USER_SYNCHRONIZED => 0,
                     AuthLDAP::USER_DELETED_LDAP => 0);

    //The ldap server id is passed in the script url (parameter server_id)
    $limitexceeded = false;

    // Translate the requested action into the list of passes to run.
    // NOTE(review): for ACTION_ALL the second pass is ACTION_ALL itself, not
    // ACTION_SYNCHRONIZE; confirm the called methods accept that value.
    $requested = $options['action'];
    if ($requested == AuthLDAP::ACTION_IMPORT) {
        $actions_to_do = array(AuthLDAP::ACTION_IMPORT);
    } else if ($requested == AuthLDAP::ACTION_SYNCHRONIZE) {
        $actions_to_do = array(AuthLDAP::ACTION_SYNCHRONIZE);
    } else if ($requested == AuthLDAP::ACTION_ALL) {
        $actions_to_do = array(AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL);
    } else {
        $actions_to_do = array();
    }

    // NOTE(review): $contact_ok is only assigned inside the loop and reset
    // on every pass, so it reflects the last pass only and stays undefined
    // when no pass runs.
    foreach ($actions_to_do as $action_to_do) {
        $options['mode'] = $action_to_do;
        $options['authldaps_id'] = $options['ldapservers_id'];

        $users = AuthLdap::getAllUsers($options, $results, $limitexceeded);
        $contact_ok = true;

        if (!is_array($users)) {
            if (!$users) {
                $contact_ok = false;
            }
            continue;
        }

        foreach ($users as $user) {
            $identifier = array('method' => AuthLDAP::IDENTIFIER_LOGIN,
                                'value'  => $user["user"]);
            $result = AuthLdap::ldapImportUserByServerId($identifier, $action_to_do,
                                                         $options['ldapservers_id']);
            if ($result) {
                $results[$result['action']] += 1;
            }
            echo ".";
        }
    }

    if ($limitexceeded) {
        $warning = "\nLDAP Server size limit exceeded";
        if ($CFG_GLPI['user_deleted_ldap']) {
            $warning .= ": user deletion disabled\n";
        }
        echo $warning . "\n";
    }

    if (!$contact_ok) {
        echo "Cannot contact LDAP server!\n";
    } else {
        echo "\nImported: " . $results[AuthLDAP::USER_IMPORTED] . "\n"
           . "Synchronized: " . $results[AuthLDAP::USER_SYNCHRONIZED] . "\n"
           . "Deleted from LDAP: " . $results[AuthLDAP::USER_DELETED_LDAP] . "\n";
    }
    echo "\n\n";
}
// LDAP import page: keeps the import settings in the session, prints the
// import form and, once a directory and criteria are chosen, the user search.
if (!defined('GLPI_ROOT')) {
    include '../inc/includes.php';
}

Session::checkRight("import_externalauth_users", 'w');

// Need REQUEST to manage initial values and posted ones
// NOTE(review): the whole request array is handed over; confirm that
// manageValuesInSession() copies only the keys it expects.
AuthLdap::manageValuesInSession($_REQUEST);

if (!empty($_SESSION['ldap_import']['popup'])) {
    Html::popHeader(__('LDAP directory link'), $_SERVER['PHP_SELF']);
} else {
    Html::header(__('LDAP directory link'), $_SERVER['PHP_SELF'], "admin", "user", "ldap");
}

// NOTE(review): 'start' and 'order' are stored exactly as received;
// presumably an offset and a sort direction. Confirm they are validated
// where they are consumed.
if (isset($_GET['start'])) {
    $_SESSION['ldap_import']['start'] = $_GET['start'];
}
if (isset($_GET['order'])) {
    $_SESSION['ldap_import']['order'] = $_GET['order'];
}

if ($_SESSION['ldap_import']['action'] == 'show') {
    $authldap = new AuthLDAP();
    $authldap->getFromDB($_SESSION['ldap_import']['authldaps_id']);

    AuthLdap::showUserImportForm($authldap);

    // The search only runs once a directory is selected and criteria exist.
    if (isset($_SESSION['ldap_import']['authldaps_id'])
        && ($_SESSION['ldap_import']['authldaps_id'] != NOT_AVAILABLE)
        && !empty($_SESSION['ldap_import']['criterias'])) {

        echo "<br />";
        AuthLdap::searchUser($authldap);
    }
}

if (!empty($_SESSION['ldap_import']['popup'])) {
    Html::ajaxFooter();
} else {
    Html::footer();
}
/**
 * Display information from LDAP server for user
 *
 * Prints the stored user DN and, when one is set, the entry read from the
 * user's directory with all its attributes plus the creation and
 * modification timestamps.
 *
 * @return false when the user is not authenticated through LDAP, nothing otherwise
**/
private function showLdapDebug() {
    if ($this->fields['authtype'] != Auth::LDAP) {
        return false;
    }

    $user_dn = $this->fields['user_dn'];

    // NOTE(review): the DN is printed without HTML encoding here; confirm
    // the stored value is already encoded, since it originates from the
    // directory.
    echo "<div class='spaced'>"
       . "<table class='tab_cadre_fixe'>"
       . "<tr><th colspan='4'>" . __('LDAP directory') . "</th></tr>";
    echo "<tr class='tab_bg_2'><td>" . __('User DN') . "</td>";
    echo "<td>" . $user_dn . "</td></tr>\n";

    if ($user_dn) {
        echo "<tr class='tab_bg_2'><td>" . __('User information') . "</td><td>";

        $config_ldap = new AuthLDAP();
        $ds = $config_ldap->getFromDB($this->fields['auths_id']) ? $config_ldap->connect() : false;

        if (!$ds) {
            _e('Connection failed');
        } else {
            $info = AuthLdap::getUserByDn($ds, $user_dn,
                                          array('*', 'createTimeStamp', 'modifyTimestamp'));
            if (is_array($info)) {
                Html::printCleanArray($info);
            } else {
                _e('No item to display');
            }
        }

        echo "</td></tr>\n";
    }

    echo "</table></div>";
}
/**
 * Synchronize Mahara's groups with groups defined on a LDAP server.
 *
 * Every 'cas' or 'ldap' auth instance of the institution is loaded, the
 * arguments that are not null override its stored configuration, and its
 * sync_groups() method is run. Once one instance reports a failure the
 * remaining instances are not synchronized.
 *
 * @param string  $institutionname Name of the institution to process
 * @param boolean $syncbyclass     stored as 'syncgroupsbyclass'
 * @param array   $excludelist     stored as 'syncgroupsexcludelist'; a comma-separated string is split into an array
 * @param array   $includelist     stored as 'syncgroupsincludelist'; a comma-separated string is split into an array
 * @param array   $onlycontexts    stored as 'syncgroupscontexts'
 * @param boolean $searchsub       stored as 'syncgroupssearchsub'
 * @param string  $grouptype       stored as 'syncgroupsgrouptype'
 * @param boolean $docreate        stored as 'syncgroupsautocreate'
 * @param boolean $nestedgroups    stored as 'nestedgroups'
 * @param string  $groupclass      stored as 'syncgroupsgroupclass'
 * @param string  $groupattribute  stored as 'syncgroupsgroupattribute'
 * @param boolean $syncbyattribute stored as 'syncgroupsbyuserfield'
 * @param string  $userattribute   not used by this function
 * @param mixed   $attrgroupnames  not used by this function
 * @param boolean $dryrun          passed to sync_groups()
 * @return boolean false when no auth instance matches or a synchronization fails
 */
function auth_ldap_sync_groups($institutionname, $syncbyclass = false, $excludelist = null, $includelist = null, $onlycontexts = null, $searchsub = null, $grouptype = null, $docreate = null, $nestedgroups = null, $groupclass = null, $groupattribute = null, $syncbyattribute = false, $userattribute = null, $attrgroupnames = null, $dryrun = false) {
    log_info('---------- started institution group sync for "' . $institutionname . '" at ' . date('r', time()) . ' ----------');

    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("exclusion list : ");
        var_dump($excludelist);
        log_debug("inclusion list : ");
        var_dump($includelist);
    }

    $auths = get_records_select_array(
        'auth_instance',
        "authname in ('cas', 'ldap') and institution=?",
        array($institutionname)
    );

    // NOTE(review): var_dump() prints the full auth instance records when
    // debugging is on; confirm they hold nothing sensitive for the cron log.
    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("auths candidates : ");
        var_dump($auths);
    }

    // NOTE(review): this assumes an array is returned even when nothing
    // matches; confirm against get_records_select_array().
    if (count($auths) == 0) {
        log_warn(get_string('nomatchingauths', 'auth.ldap'));
        return false;
    }

    $result = true;
    foreach ($auths as $auth) {
        $instance = new AuthLdap($auth->id);

        // Lists given as comma-separated text are turned into arrays.
        if ($excludelist !== null && !is_array($excludelist)) {
            $excludelist = preg_split('/\\s*,\\s*/', trim($excludelist));
        }
        if ($includelist !== null && !is_array($includelist)) {
            $includelist = preg_split('/\\s*,\\s*/', trim($includelist));
        }

        // These three are always written.
        $instance->set_config('syncgroupscron', true);
        $instance->set_config('syncgroupsbyclass', $syncbyclass);
        $instance->set_config('syncgroupsbyuserfield', $syncbyattribute);

        // The rest only overrides the stored configuration when given.
        $overrides = array(
            'syncgroupsexcludelist'    => $excludelist,
            'syncgroupsincludelist'    => $includelist,
            'syncgroupscontexts'       => $onlycontexts,
            'syncgroupssearchsub'      => $searchsub,
            'syncgroupsgrouptype'      => $grouptype,
            'nestedgroups'             => $nestedgroups,
            'syncgroupsgroupclass'     => $groupclass,
            'syncgroupsgroupattribute' => $groupattribute,
            'syncgroupsautocreate'     => $docreate,
        );
        foreach ($overrides as $key => $value) {
            if ($value !== null) {
                $instance->set_config($key, $value);
            }
        }

        // After a first failure the remaining instances are not synchronized.
        if ($result) {
            $result = (bool) $instance->sync_groups($dryrun);
        }
    }

    log_info('---------- finished institution group sync at ' . date('r', time()) . ' ----------');
    return $result;
}
if (isset($_POST["test_ldap"])) { $config_ldap->getFromDB($_POST["id"]); if (AuthLdap::testLDAPConnection($_POST["id"])) { //TRANS: %s is the description of the test $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test successful: %s'), sprintf(__('Main server %s'), $config_ldap->fields["name"])); } else { //TRANS: %s is the description of the test $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test failed: %s'), sprintf(__('Main server %s'), $config_ldap->fields["name"])); } Html::back(); } else { if (isset($_POST["test_ldap_replicate"])) { foreach ($_POST["test_ldap_replicate"] as $replicate_id => $value) { $replicate = new AuthLdapReplicate(); $replicate->getFromDB($replicate_id); if (AuthLdap::testLDAPConnection($_POST["id"], $replicate_id)) { //TRANS: %s is the description of the test $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test successful: %s'), sprintf(__('Replicate %s'), $ldap->fields["name"])); } else { //TRANS: %s is the description of the test $_SESSION["LDAP_TEST_MESSAGE"] = sprintf(__('Test failed: %s'), sprintf(__('Replicate %s'), $ldap->fields["name"])); } } Html::back(); } else { if (isset($_POST["add_replicate"])) { $replicate = new AuthLdapReplicate(); unset($_POST["next"]); unset($_POST["id"]); $replicate->add($_POST); Html::back();
/**
 * Display information from LDAP server for user
 *
 * Prints the stored user DN and, when one is set, the entry read from the
 * user's directory with all its attributes plus the creation and
 * modification timestamps.
 *
 * @return false when the user is not authenticated through LDAP, nothing otherwise
**/
private function showLdapDebug() {
    global $LANG;

    if ($this->fields['authtype'] != Auth::LDAP) {
        return false;
    }

    $user_dn = $this->fields['user_dn'];

    // NOTE(review): the DN is printed without HTML encoding here; confirm
    // the stored value is already encoded, since it originates from the
    // directory.
    echo "<div class='spaced'>"
       . "<table class='tab_cadre_fixe'>"
       . "<tr><th colspan='4'>" . $LANG['setup'][137] . ' - ' . $LANG['login'][2] . "</th></tr>";
    echo "<tr class='tab_bg_2'><td>" . $LANG['ldap'][26] . " :</td>";
    echo "<td>" . $user_dn . "</td></tr>\n";

    if ($user_dn) {
        echo "<tr class='tab_bg_2'><td>" . $LANG['title'][13] . " :</td><td>";

        $config_ldap = new AuthLDAP();
        $ds = $config_ldap->getFromDB($this->fields['auths_id']) ? $config_ldap->connect() : false;

        if (!$ds) {
            echo $LANG['log'][41];
        } else {
            $info = AuthLdap::getUserByDn($ds, $user_dn,
                                          array('*', 'createTimeStamp', 'modifyTimestamp'));
            if (is_array($info)) {
                printCleanArray($info);
            } else {
                echo $LANG['stats'][2];
            }
        }

        echo "</td></tr>\n";
    }

    echo "</table></div>";
}