public function ldapSync($row)
{
$ldap_query = $this->ldap->getLDAPParam('eduid') . '=' . $row['ldap_id'];
$userSync = $this->getLdapUserSync();
$attributes = $userSync->getSyncAttributes($this->ldap);
$time_start = microtime(true);
$lri = false;
foreach (split(';', $this->ldap->getLDAPParam('people_dn')) as $PeopleDn) {
$lri = $this->ldap->search($PeopleDn, $ldap_query, LDAP::SCOPE_ONELEVEL, $attributes);
if (count($lri) == 1 && $lri != false) {
break;
}
}
$time_end = microtime(true);
$this->ldapTime += $time_end - $time_start;
if ($this->ldap->getErrno() === LDAP::ERR_SUCCESS && $lri) {
$user = new User($row);
$modified = false;
if (count($lri) == 1) {
$lr = $lri->current();
$modified = $userSync->sync($user, $lr);
if ($row['ldap_uid'] != $lr->getLogin()) {
$this->getLdapUserManager()->updateLdapUid($user, $lr->getLogin());
}
} elseif (count($lri) == 0) {
// User not found in LDAP directory
$modified = true;
$user->setStatus('S');
$user->setUnixStatus('D');
}
if ($modified) {
$this->getUserManager()->updateDb($user);
}
}
}
/**
* Format LDAP url for apache mod_ldap
*
* Combine ldap parameter 'sys_ldap_server' and 'sys_ldap_dn' to
* generate an Apache mod_authnz_ldap compatible url
*
* @see http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl
*
* @return String
*/
public function getLDAPServersUrl()
{
if ($this->ldapUrl === null) {
$serverList = explode(',', $this->ldap->getLDAPParam('server'));
$firstIsLdaps = false;
foreach ($serverList as $k => $server) {
$server = strtolower(trim($server));
if ($k == 0 && strpos($server, 'ldaps://') === 0) {
$firstIsLdaps = true;
}
$server = str_replace('ldap://', '', $server);
$server = str_replace('ldaps://', '', $server);
$serverList[$k] = $server;
}
if ($firstIsLdaps) {
$this->ldapUrl = 'ldaps://';
} else {
$this->ldapUrl = 'ldap://';
}
$this->ldapUrl .= implode(' ', $serverList) . '/' . $this->ldap->getLDAPParam('dn');
}
return $this->ldapUrl;
}
/**
* @return String
*/
public function getProjectAuthentication($row)
{
$conf = parent::getProjectAuthentication($row);
$server_list = $this->escapeStringForApacheConf($this->ldap->getLDAPParam('server'));
$ldap_dn = $this->escapeStringForApacheConf($this->ldap->getLDAPParam('dn'));
$ldap_uid = $this->escapeStringForApacheConf($this->ldap->getLDAPParam('uid'));
$conf .= ' TuleapLdapServers "' . $server_list . '"' . PHP_EOL;
$conf .= ' TuleapLdapDN "' . $ldap_dn . '"' . PHP_EOL;
$conf .= ' TuleapLdapUid "' . $ldap_uid . '"' . PHP_EOL;
if ($this->ldap->getLDAPParam('bind_dn')) {
$ldap_bind_dn = $this->escapeStringForApacheConf($this->ldap->getLDAPParam('bind_dn'));
$ldap_bind_passwd = $this->escapeStringForApacheConf($this->ldap->getLDAPParam('bind_dn'));
$conf .= ' TuleapLdapBindDN "' . $ldap_bind_dn . '"' . PHP_EOL;
$conf .= ' TuleapLdapBindPassword "' . $ldap_bind_passwd . '"' . PHP_EOL;
}
return $conf;
}
protected function getCleanUpManager()
{
return new LDAP_CleanUpManager($this->ldap->getLDAPParam('daily_sync_retention_period'));
}
private function getUserDN(PFUser $user)
{
return $this->getUserRDN($user) . ',' . $this->ldap->getLDAPParam('write_people_dn');
}
private function getAttribute()
{
if ($this->ldap->getLDAPParam('uid') && $this->ldap->getLDAPParam('uid') != self::DEFAULT_ATTRIBUTE) {
return '?' . $this->ldap->getLDAPParam('uid');
}
}
