print $langs->trans("LDAPSynchronizationNotSetupInDolibarr");
	exit 1;
}
*/

$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."usergroup";

$resql = $db->query($sql);
if ($resql)
{
	$num = $db->num_rows($resql);
	$i = 0;

	$ldap=new Ldap();
	$ldap->connect_bind();

	while ($i < $num)
	{
		$ldap->error="";

		$obj = $db->fetch_object($resql);

		$fgroup = new UserGroup($db);
		$fgroup->id = $obj->rowid;
		$fgroup->fetch($fgroup->id);

		print $langs->trans("UpdateGroup")." rowid=".$fgroup->id." ".$fgroup->name;

		$oldobject=$fgroup;
 * Test de la connexion
 */
$butlabel = $langs->trans("LDAPTestSynchroContact");
$testlabel = 'test';
$key = $conf->global->LDAP_KEY_CONTACTS;
$dn = $conf->global->LDAP_CONTACT_DN;
$objectclass = $conf->global->LDAP_CONTACT_OBJECT_CLASS;
show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
if (function_exists("ldap_connect")) {
    if ($_GET["action"] == 'test') {
        // Creation objet
        $object = new Contact($db);
        $object->initAsSpecimen();
        // Test synchro
        $ldap = new Ldap();
        $result = $ldap->connect_bind();
        if ($result > 0) {
            $info = $object->_load_ldap_info();
            $dn = $object->_load_ldap_dn($info);
            $result1 = $ldap->delete($dn);
            // To be sure to delete existing records
            $result2 = $ldap->add($dn, $info, $user);
            // Now the test
            $result3 = $ldap->delete($dn);
            // Clean what we did
            if ($result2 > 0) {
                print img_picto('', 'info') . ' ';
                print '<font class="ok">' . $langs->trans("LDAPSynchroOK") . '</font><br>';
            } else {
                print img_picto('', 'error') . ' ';
                print '<font class="error">' . $langs->trans("LDAPSynchroKOMayBePermissions");
Пример #3
0
/**
 * Check validity of user/password/entity
 * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
 *
 * @param	string	$usertotest		Login
 * @param	string	$passwordtotest	Password
 * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
 * @return	string					Login if OK, '' if KO
 */
function check_user_password_ldap($usertotest, $passwordtotest, $entitytotest)
{
    global $db, $conf, $langs;
    global $_POST;
    global $dolibarr_main_auth_ldap_host, $dolibarr_main_auth_ldap_port;
    global $dolibarr_main_auth_ldap_version, $dolibarr_main_auth_ldap_servertype;
    global $dolibarr_main_auth_ldap_login_attribute, $dolibarr_main_auth_ldap_dn;
    global $dolibarr_main_auth_ldap_admin_login, $dolibarr_main_auth_ldap_admin_pass;
    global $dolibarr_main_auth_ldap_filter;
    global $dolibarr_main_auth_ldap_debug;
    // Force master entity in transversal mode
    $entity = $entitytotest;
    if (!empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode)) {
        $entity = 1;
    }
    $login = '';
    $resultFetchUser = '';
    if (!function_exists("ldap_connect")) {
        dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
        sleep(1);
        $langs->load('main');
        $langs->load('other');
        $_SESSION["dol_loginmesg"] = $langs->trans("ErrorLDAPFunctionsAreDisabledOnThisPHP") . ' ' . $langs->trans("TryAnotherConnectionMode");
        return;
    }
    if ($usertotest) {
        dol_syslog("functions_ldap::check_user_password_ldap usertotest=" . $usertotest . " passwordtotest=" . preg_replace('/./', '*', $passwordtotest) . " entitytotest=" . $entitytotest);
        // If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
        $ldaphost = $dolibarr_main_auth_ldap_host;
        $ldapport = $dolibarr_main_auth_ldap_port;
        $ldapversion = $dolibarr_main_auth_ldap_version;
        $ldapservertype = empty($dolibarr_main_auth_ldap_servertype) ? 'openldap' : $dolibarr_main_auth_ldap_servertype;
        $ldapuserattr = $dolibarr_main_auth_ldap_login_attribute;
        $ldapdn = $dolibarr_main_auth_ldap_dn;
        $ldapadminlogin = $dolibarr_main_auth_ldap_admin_login;
        $ldapadminpass = $dolibarr_main_auth_ldap_admin_pass;
        $ldapdebug = empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false" ? false : true;
        if ($ldapdebug) {
            print "DEBUG: Logging LDAP steps<br>\n";
        }
        require_once DOL_DOCUMENT_ROOT . '/core/class/ldap.class.php';
        $ldap = new Ldap();
        $ldap->server = explode(',', $ldaphost);
        $ldap->serverPort = $ldapport;
        $ldap->ldapProtocolVersion = $ldapversion;
        $ldap->serverType = $ldapservertype;
        $ldap->searchUser = $ldapadminlogin;
        $ldap->searchPassword = $ldapadminpass;
        if ($ldapdebug) {
            dol_syslog("functions_ldap::check_user_password_ldap Server:" . join(',', $ldap->server) . ", Port:" . $ldap->serverPort . ", Protocol:" . $ldap->ldapProtocolVersion . ", Type:" . $ldap->serverType);
            dol_syslog("functions_ldap::check_user_password_ldap uid/samacountname=" . $ldapuserattr . ", dn=" . $ldapdn . ", Admin:" . $ldap->searchUser . ", Pass:"******"DEBUG: Server:" . join(',', $ldap->server) . ", Port:" . $ldap->serverPort . ", Protocol:" . $ldap->ldapProtocolVersion . ", Type:" . $ldap->serverType . "<br>\n";
            print "DEBUG: uid/samacountname=" . $ldapuserattr . ", dn=" . $ldapdn . ", Admin:" . $ldap->searchUser . ", Pass:"******"<br>\n";
        }
        $resultFetchLdapUser = 0;
        // Define $userSearchFilter
        $userSearchFilter = "";
        if (empty($dolibarr_main_auth_ldap_filter)) {
            $userSearchFilter = "(" . $ldapuserattr . "=" . $usertotest . ")";
        } else {
            $userSearchFilter = str_replace('%1%', $usertotest, $dolibarr_main_auth_ldap_filter);
        }
        // If admin login provided
        // Code to get user in LDAP from an admin connection (may differ from user connection, done later)
        if ($ldapadminlogin) {
            $result = $ldap->connect_bind();
            if ($result > 0) {
                $resultFetchLdapUser = $ldap->fetch($usertotest, $userSearchFilter);
                //dol_syslog('functions_ldap::check_user_password_ldap resultFetchLdapUser='******'functions_ldap::check_user_password_ldap ' . $usertotest . ' must change password next logon');
                    if ($ldapdebug) {
                        print "DEBUG: User " . $usertotest . " must change password<br>\n";
                    }
                    $ldap->close();
                    sleep(1);
                    $langs->load('ldap');
                    $_SESSION["dol_loginmesg"] = $langs->trans("YouMustChangePassNextLogon", $usertotest, $ldap->domainFQDN);
                    return '';
                }
            } else {
                if ($ldapdebug) {
                    print "DEBUG: " . $ldap->error . "<br>\n";
                }
            }
            $ldap->close();
        }
        // Forge LDAP user and password to test with them
        // If LDAP need a dn with login like "uid=jbloggs,ou=People,dc=foo,dc=com", default dn may work even if previous code with
        // admin login no exectued.
        $ldap->searchUser = $ldapuserattr . "=" . $usertotest . "," . $ldapdn;
        // Default dn (will work if LDAP accept a dn with login value inside)
        // But if LDAP need a dn with name like "cn=Jhon Bloggs,ou=People,dc=foo,dc=com", previous part must have been executed to have
        // dn detected into ldapUserDN.
        if ($resultFetchLdapUser and !empty($ldap->ldapUserDN)) {
            $ldap->searchUser = $ldap->ldapUserDN;
        }
        $ldap->searchPassword = $passwordtotest;
        // Test with this->seachUser and this->searchPassword
        //print $resultFetchLdapUser."-".$ldap->ldapUserDN."-".$ldap->searchUser.'-'.$ldap->searchPassword;exit;
        $result = $ldap->connect_bind();
        if ($result > 0) {
            if ($result == 2) {
                dol_syslog("functions_ldap::check_user_password_ldap Authentification ok");
                $login = $usertotest;
                // ldap2dolibarr synchronisation
                if ($login && !empty($conf->ldap->enabled) && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') {
                    dol_syslog("functions_ldap::check_user_password_ldap Sync ldap2dolibarr");
                    // On charge les attributs du user ldap
                    if ($ldapdebug) {
                        print "DEBUG: login ldap = " . $login . "<br>\n";
                    }
                    $resultFetchLdapUser = $ldap->fetch($login, $userSearchFilter);
                    if ($ldapdebug) {
                        print "DEBUG: UACF = " . join(',', $ldap->uacf) . "<br>\n";
                    }
                    if ($ldapdebug) {
                        print "DEBUG: pwdLastSet = " . dol_print_date($ldap->pwdlastset, 'day') . "<br>\n";
                    }
                    if ($ldapdebug) {
                        print "DEBUG: badPasswordTime = " . dol_print_date($ldap->badpwdtime, 'day') . "<br>\n";
                    }
                    // On recherche le user dolibarr en fonction de son SID ldap
                    $sid = $ldap->getObjectSid($login);
                    if ($ldapdebug) {
                        print "DEBUG: sid = " . $sid . "<br>\n";
                    }
                    $usertmp = new User($db);
                    $resultFetchUser = $usertmp->fetch('', $login, $sid);
                    if ($resultFetchUser > 0) {
                        dol_syslog("functions_ldap::check_user_password_ldap Sync user found user id=" . $usertmp->id);
                        // On verifie si le login a change et on met a jour les attributs dolibarr
                        if ($usertmp->login != $ldap->login && $ldap->login) {
                            $usertmp->login = $ldap->login;
                            $usertmp->update($usertmp);
                            // TODO Que faire si update echoue car on update avec un login deja existant.
                        }
                        //$resultUpdate = $usertmp->update_ldap2dolibarr($ldap);
                    }
                    unset($usertmp);
                }
                if (!empty($conf->multicompany->enabled)) {
                    global $mc;
                    $usertmp = new User($db);
                    $usertmp->fetch('', $login);
                    $ret = $mc->checkRight($usertmp->id, $entitytotest);
                    if ($ret < 0) {
                        dol_syslog("functions_ldap::check_user_password_ldap Authentification ko entity '" . $entitytotest . "' not allowed for user '" . $usertmp->id . "'");
                        $login = '';
                        // force authentication failure
                    }
                    unset($usertmp);
                }
            }
            if ($result == 1) {
                dol_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password for '" . $usertotest . "'");
                sleep(1);
                $langs->load('main');
                $langs->load('other');
                $_SESSION["dol_loginmesg"] = $langs->trans("ErrorBadLoginPassword");
            }
        } else {
            /* Login failed. Return false, together with the error code and text from
             ** the LDAP server. The common error codes and reasons are listed below :
             ** (for iPlanet, other servers may differ)
             ** 19 - Account locked out (too many invalid login attempts)
             ** 32 - User does not exist
             ** 49 - Wrong password
             ** 53 - Account inactive (manually locked out by administrator)
             */
            dol_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP for '" . $usertotest . "'");
            if (is_resource($ldap->connection)) {
                $ldap->ldapErrorCode = ldap_errno($ldap->connection);
                $ldap->ldapErrorText = ldap_error($ldap->connection);
                dol_syslog("functions_ldap::check_user_password_ldap " . $ldap->ldapErrorCode . " " . $ldap->ldapErrorText);
            }
            sleep(1);
            $langs->load('main');
            $langs->load('other');
            $langs->load('errors');
            $_SESSION["dol_loginmesg"] = $ldap->error ? $ldap->error : $langs->trans("ErrorBadLoginPassword");
        }
        $ldap->close();
    }
    return $login;
}
 /**
  *      Function called when a Dolibarrr business event is done.
  *      All functions "run_trigger" are triggered if file is inside directory htdocs/includes/triggers
  *      @param      action      Event code (COMPANY_CREATE, PROPAL_VALIDATE, ...)
  *      @param      object      Object action is done on
  *      @param      user        Object user
  *      @param      langs       Object langs
  *      @param      conf        Object conf
  *      @return     int         <0 if KO, 0 if no action are done, >0 if OK
  */
 function run_trigger($action, $object, $user, $langs, $conf)
 {
     if (empty($conf->ldap->enabled)) {
         return 0;
     }
     // Module not active, we do nothing
     if (!function_exists('ldap_connect')) {
         dol_syslog("Warning, module LDAP is enabled but LDAP functions not available in this PHP", LOG_WARNING);
         return 0;
     }
     // Users
     if ($action == 'USER_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (sizeof($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_NEW_PASSWORD') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (sizeof($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_ENABLEDISABLE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
     } elseif ($action == 'USER_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'GROUP_CREATE') {
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             // Get a gid number for objectclass PosixGroup
             if (in_array('posixGroup', $info['objectclass'])) {
                 $info['gidNumber'] = $ldap->getNextGroupGid();
             }
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'GROUP_MODIFY') {
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (sizeof($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'GROUP_DELETE') {
         if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_CONTACT_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_CONTACT_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (sizeof($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_CONTACT_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_VALIDATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             # If status field is setup to be synchronized
             if ($conf->global->LDAP_FIELD_MEMBER_STATUS) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only status
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP" . " " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_SUBSCRIPTION') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             # If subscriptions fields are setup to be synchronized
             if ($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE || $conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT || $conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only subscriptions
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP" . " " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (sizeof($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_NEW_PASSWORD') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             # If password field is setup to be synchronized
             if ($conf->global->LDAP_FIELD_PASSWORD || $conf->global->LDAP_FIELD_PASSWORD_CRYPTED) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only password
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP" . " " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_RESILIATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             # If status field is setup to be synchronized
             if ($conf->global->LDAP_FIELD_MEMBER_STATUS) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only status
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP" . " " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if ($conf->ldap->enabled && $conf->global->LDAP_MEMBER_ACTIVE) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP" . " " . $ldap->error;
             }
             return $result;
         }
     }
     // If not found
     /*
             else
             {
                 dol_syslog("Trigger '".$this->name."' for action '$action' was ran by ".__FILE__." but no handler found for this action.");
     			return -1;
             }
     */
     return 0;
 }
 /**
  * Function called when a Dolibarrr business event is done.
  * All functions "runTrigger" are triggered if file is inside directory htdocs/core/triggers or htdocs/module/code/triggers (and declared)
  *
  * @param string		$action		Event action code
  * @param Object		$object     Object
  * @param User		    $user       Object user
  * @param Translate 	$langs      Object langs
  * @param conf		    $conf       Object conf
  * @return int         				<0 if KO, 0 if no triggered ran, >0 if OK
  */
 public function runTrigger($action, $object, User $user, Translate $langs, Conf $conf)
 {
     if (empty($conf->ldap->enabled)) {
         return 0;
     }
     // Module not active, we do nothing
     if (!function_exists('ldap_connect')) {
         dol_syslog("Warning, module LDAP is enabled but LDAP functions not available in this PHP", LOG_WARNING);
         return 0;
     }
     // Users
     if ($action == 'USER_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             if (empty($object->oldcopy) || !is_object($object->oldcopy)) {
                 dol_syslog("Trigger " . $action . " was called by a function that did not set previously the property ->oldcopy onto object", LOG_WARNING);
                 $object->oldcopy = dol_clone($object);
             }
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (count($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_NEW_PASSWORD') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             if (empty($object->oldcopy) || !is_object($object->oldcopy)) {
                 dol_syslog("Trigger " . $action . " was called by a function that did not set previously the property ->oldcopy onto object", LOG_WARNING);
                 $object->oldcopy = dol_clone($object);
             }
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (count($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_ENABLEDISABLE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
     } elseif ($action == 'USER_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'USER_SETINGROUP') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             // Must edit $object->newgroupid
             $usergroup = new UserGroup($this->db);
             if ($object->newgroupid > 0) {
                 $usergroup->fetch($object->newgroupid);
                 $oldinfo = $usergroup->_load_ldap_info();
                 $olddn = $usergroup->_load_ldap_dn($oldinfo);
                 // Verify if entry exist
                 $container = $usergroup->_load_ldap_dn($oldinfo, 1);
                 $search = "(" . $usergroup->_load_ldap_dn($oldinfo, 2) . ")";
                 $records = $ldap->search($container, $search);
                 if (count($records) && $records['count'] == 0) {
                     $olddn = '';
                 }
                 $info = $usergroup->_load_ldap_info();
                 // Contains all members, included the new one (insert already done before trigger call)
                 $dn = $usergroup->_load_ldap_dn($info);
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
             }
             return $result;
         }
     } elseif ($action == 'USER_REMOVEFROMGROUP') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             // Must edit $object->newgroupid
             $usergroup = new UserGroup($this->db);
             if ($object->oldgroupid > 0) {
                 $usergroup->fetch($object->oldgroupid);
                 $oldinfo = $usergroup->_load_ldap_info();
                 $olddn = $usergroup->_load_ldap_dn($oldinfo);
                 // Verify if entry exist
                 $container = $usergroup->_load_ldap_dn($oldinfo, 1);
                 $search = "(" . $usergroup->_load_ldap_dn($oldinfo, 2) . ")";
                 $records = $ldap->search($container, $search);
                 if (count($records) && $records['count'] == 0) {
                     $olddn = '';
                 }
                 $info = $usergroup->_load_ldap_info();
                 // Contains all members, included the new one (insert already done before trigger call)
                 $dn = $usergroup->_load_ldap_dn($info);
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
             }
             return $result;
         }
     } elseif ($action == 'GROUP_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             // Get a gid number for objectclass PosixGroup
             if (in_array('posixGroup', $info['objectclass'])) {
                 $info['gidNumber'] = $ldap->getNextGroupGid();
             }
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'GROUP_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             if (empty($object->oldcopy) || !is_object($object->oldcopy)) {
                 dol_syslog("Trigger " . $action . " was called by a function that did not set previously the property ->oldcopy onto object", LOG_WARNING);
                 $object->oldcopy = dol_clone($object);
             }
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (count($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'GROUP_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_SYNCHRO_ACTIVE) && $conf->global->LDAP_SYNCHRO_ACTIVE === 'dolibarr2ldap') {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_CONTACT_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_CONTACT_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             if (empty($object->oldcopy) || !is_object($object->oldcopy)) {
                 dol_syslog("Trigger " . $action . " was called by a function that did not set previously the property ->oldcopy onto object", LOG_WARNING);
                 $object->oldcopy = dol_clone($object);
             }
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (count($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'CONTACT_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_CONTACT_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_CREATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->add($dn, $info, $user);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_VALIDATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             // If status field is setup to be synchronized
             if (!empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only status
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_SUBSCRIPTION') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             // If subscriptions fields are setup to be synchronized
             if ($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE || $conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_AMOUNT || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_DATE || $conf->global->LDAP_FIELD_MEMBER_LASTSUBSCRIPTION_AMOUNT || $conf->global->LDAP_FIELD_MEMBER_END_LASTSUBSCRIPTION) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only subscriptions
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_MODIFY') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             if (empty($object->oldcopy) || !is_object($object->oldcopy)) {
                 dol_syslog("Trigger " . $action . " was called by a function that did not set previously the property ->oldcopy onto object", LOG_WARNING);
                 $object->oldcopy = dol_clone($object);
             }
             $oldinfo = $object->oldcopy->_load_ldap_info();
             $olddn = $object->oldcopy->_load_ldap_dn($oldinfo);
             // Verify if entry exist
             $container = $object->oldcopy->_load_ldap_dn($oldinfo, 1);
             $search = "(" . $object->oldcopy->_load_ldap_dn($oldinfo, 2) . ")";
             $records = $ldap->search($container, $search);
             if (count($records) && $records['count'] == 0) {
                 $olddn = '';
             }
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->update($dn, $info, $user, $olddn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     } elseif ($action == 'MEMBER_NEW_PASSWORD') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             // If password field is setup to be synchronized
             if ($conf->global->LDAP_FIELD_PASSWORD || $conf->global->LDAP_FIELD_PASSWORD_CRYPTED) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only password
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_RESILIATE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             // If status field is setup to be synchronized
             if (!empty($conf->global->LDAP_FIELD_MEMBER_STATUS)) {
                 $ldap = new Ldap();
                 $ldap->connect_bind();
                 $info = $object->_load_ldap_info();
                 $dn = $object->_load_ldap_dn($info);
                 $olddn = $dn;
                 // We know olddn=dn as we change only status
                 $result = $ldap->update($dn, $info, $user, $olddn);
                 if ($result < 0) {
                     $this->error = "ErrorLDAP " . $ldap->error;
                 }
                 return $result;
             }
         }
     } elseif ($action == 'MEMBER_DELETE') {
         dol_syslog("Trigger '" . $this->name . "' for action '{$action}' launched by " . __FILE__ . ". id=" . $object->id);
         if (!empty($conf->global->LDAP_MEMBER_ACTIVE)) {
             $ldap = new Ldap();
             $ldap->connect_bind();
             $info = $object->_load_ldap_info();
             $dn = $object->_load_ldap_dn($info);
             $result = $ldap->delete($dn);
             if ($result < 0) {
                 $this->error = "ErrorLDAP " . $ldap->error;
             }
             return $result;
         }
     }
     // If not found
     /*
             else
             {
                 dol_syslog("Trigger '".$this->name."' for action '$action' was ran by ".__FILE__." but no handler found for this action.");
     			return -1;
             }
     */
     return 0;
 }