protected function execute(InputInterface $input, OutputInterface $output)
{
$logins = $input->getOption('login');
$skipExisting = $input->getOption('skip-existing');
if (empty($logins)) {
$logins = $this->ldapUsers->getAllUserLogins();
}
$count = 0;
$failed = array();
foreach ($logins as $login) {
if ($skipExisting && $this->userExistsInPiwik($login)) {
$output->write("Skipping '{$login}', already exists in Piwik...");
continue;
}
$output->write("Synchronizing '{$login}'... ");
try {
$this->loginLdapAPI->synchronizeUser($login);
++$count;
$output->writeln("<info>success!</info>");
} catch (Exception $ex) {
$failed[] = array('login' => $login, 'reason' => $ex->getMessage());
$output->writeln("<error>failed!</error>");
}
}
$this->writeSuccessMessage($output, array("Synchronized {$count} users!"));
if (!empty($failed)) {
$output->writeln("<info>Could not synchronize the following users in LDAP:</info>");
foreach ($failed as $missingLogin) {
$output->writeln($missingLogin['login'] . "\t\t<comment>{$missingLogin['reason']}</comment>");
}
}
return count($failed);
}
/**
* Synchronizes a single user in LDAP. This method can be used by superusers to synchronize
* a user before (s)he logs in.
*
* @param string $login The login of the user.
* @throws Exception if the user cannot be found or a problem occurs during synchronization.
*/
public function synchronizeUser($login)
{
Piwik::checkUserHasSuperUserAccess();
$ldapUser = $this->ldapUsers->getUser($login);
if (empty($ldapUser)) {
throw new Exception(Piwik::translate('LoginLdap_UserNotFound', $login));
}
$this->userSynchronizer->synchronizeLdapUser($login, $ldapUser);
$this->userSynchronizer->synchronizePiwikAccessFromLdap($login, $ldapUser);
}
protected function authenticateByLdap()
{
$this->checkLdapFunctionsAvailable();
$ldapUser = $this->ldapUsers->authenticate($this->login, $this->password);
if (!empty($ldapUser)) {
$this->synchronizeLdapUser($ldapUser);
return true;
} else {
return false;
}
}
private function setSingleLdapServer()
{
$this->ldapUsers->setLdapServers(array(new ServerInfo("localhost", self::TEST_BASE_DN, 389, self::TEST_ADMIN_USER)));
}
/**
* Returns a WebServerAuth instance configured with INI config.
* @return SynchronizedAuth
*/
public static function makeConfigured()
{
$result = new SynchronizedAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
$synchronizeUsersAfterSuccessfulLogin = Config::getShouldSynchronizeUsersAfterLogin();
$result->setSynchronizeUsersAfterSuccessfulLogin($synchronizeUsersAfterSuccessfulLogin);
return $result;
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return LdapAuth
*/
public static function makeConfigured()
{
$result = new LdapAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
Log::debug("LdapAuth::%s: creating with configured components", __FUNCTION__);
return $result;
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return WebServerAuth
*/
public static function makeConfigured()
{
$result = new WebServerAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
$synchronizeUsersAfterSuccessfulLogin = Config::getShouldSynchronizeUsersAfterLogin();
$result->setSynchronizeUsersAfterSuccessfulLogin($synchronizeUsersAfterSuccessfulLogin);
if (Config::getUseLdapForAuthentication()) {
$fallbackAuth = LdapAuth::makeConfigured();
} else {
$fallbackAuth = SynchronizedAuth::makeConfigured();
}
$result->setFallbackAuth($fallbackAuth);
return $result;
}
/**
* Creates a new {@link LdapUsers} instance using config.ini.php values.
*
* @return LdapUsers
*/
public static function makeConfigured()
{
$result = new LdapUsers();
$result->setLdapServers(Config::getConfiguredLdapServers());
$usernameSuffix = Config::getLdapUserEmailSuffix();
if (!empty($usernameSuffix)) {
$result->setAuthenticationUsernameSuffix($usernameSuffix);
}
$requiredMemberOf = Config::getRequiredMemberOf();
if (!empty($requiredMemberOf)) {
$result->setAuthenticationRequiredMemberOf($requiredMemberOf);
}
$memberOfField = Config::getRequiredMemberOfField();
if (!empty($memberOfField)) {
$result->setAuthenticationMemberOfField($memberOfField);
}
$filter = Config::getLdapUserFilter();
if (!empty($filter)) {
$result->setAuthenticationLdapFilter($filter);
}
$timeoutSecs = Config::getLdapNetworkTimeout();
if (!empty($timeoutSecs)) {
$result->setLdapNetworkTimeout($timeoutSecs);
}
$result->setLdapUserMapper(UserMapper::makeConfigured());
Log::debug("LdapUsers::%s: configuring with userEmailSuffix = %s, requiredMemberOf = %s, filter = %s, timeoutSecs = %s", __FUNCTION__, $usernameSuffix, $requiredMemberOf, $filter, $timeoutSecs);
return $result;
}
/**
* Returns a WebServerAuth instance configured with INI config.
*
* @return LdapAuth
*/
public static function makeConfigured()
{
$result = new LdapAuth();
$result->setLdapUsers(LdapUsers::makeConfigured());
$result->setUsersManagerAPI(UsersManagerAPI::getInstance());
$result->setUsersModel(new UserModel());
$result->setUserSynchronizer(UserSynchronizer::makeConfigured());
return $result;
}
/**
* Creates a new {@link LdapUsers} instance using config.ini.php values.
*
* @return LdapUsers
*/
public static function makeConfigured()
{
$result = new LdapUsers();
$result->setLdapServers(Config::getConfiguredLdapServers());
$usernameSuffix = Config::getLdapUserEmailSuffix();
if (!empty($usernameSuffix)) {
$result->setAuthenticationUsernameSuffix($usernameSuffix);
}
$requiredMemberOf = Config::getRequiredMemberOf();
if (!empty($requiredMemberOf)) {
$result->setAuthenticationRequiredMemberOf($requiredMemberOf);
}
$memberOfField = Config::getRequiredMemberOfField();
if (!empty($memberOfField)) {
$result->setAuthenticationMemberOfField($memberOfField);
}
$filter = Config::getLdapUserFilter();
if (!empty($filter)) {
$result->setAuthenticationLdapFilter($filter);
}
$timeoutSecs = Config::getLdapNetworkTimeout();
if (!empty($timeoutSecs)) {
$result->setLdapNetworkTimeout($timeoutSecs);
}
$result->setLdapUserMapper(UserMapper::makeConfigured());
return $result;
}
