public function getError() { return ldap_error($this->_ldapConn->getLink()); }
/** * * php groupofficecli.php -r=ldapauth/sync/groups --delete=1 --max_delete_percentage=34 --dry=1 * * @param type $params * @throws Exception */ protected function actionGroups($params) { $this->requireCli(); \GO::session()->runAsRoot(); $dryRun = !empty($params['dry']); if ($dryRun) { echo "Dry run enabled.\n\n"; } $ldapConn = \GO\Base\Ldap\Connection::getDefault(); if (empty(\GO::config()->ldap_groupsdn)) { throw new \Exception('$config[\'ldap_groupsdn\'] is not set!'); } $result = $ldapConn->search(\GO::config()->ldap_groupsdn, 'cn=*'); // $record = $result->fetch(); // $attr = $record->getAttributes(); // var_dump($attr); // exit(); // //keep an array of groups that exist in ldap. This array will be used later for deletes. //admin group is not in ldap but should not be removed. $groupsInLDAP = array(\GO::config()->group_root, \GO::config()->group_everyone, \GO::config()->group_internal); $i = 0; while ($record = $result->fetch()) { $i++; try { $groupname = $record->cn[0]; if (empty($groupname)) { throw new \Exception("Empty group name in LDAP record!"); } $group = \GO\Base\Model\Group::model()->findByName($groupname); if (!$group) { echo "Creating group '" . $groupname . "'\n"; $group = new \GO\Base\Model\Group(); $group->name = $groupname; if (!$dryRun && !$group->save()) { echo "Error saving group: " . implode("\n", $group->getValidationErrors()); } } else { echo "Group '" . $groupname . "' exists\n"; } $usersInGroup = array(); foreach ($record->memberuid as $username) { $user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $username); if (!$user) { echo "Error: user '" . $username . "' does not exist in Group-Office\n"; } else { echo "Adding user '{$username}'\n"; if (!$dryRun) { $group->addUser($user->id); } $usersInGroup[] = $user->id; } } echo "Removing users from group\n"; $findParams = \GO\Base\Db\FindParams::newInstance(); $findParams->getCriteria()->addInCondition('user_id', $usersInGroup, 'link_t', true, true); $usersToRemove = $group->users($findParams); foreach ($usersToRemove as $user) { echo "Removing user '" . $user->username . "'\n"; if (!$dryRun) { $group->removeUser($user->id); } } if (!$dryRun) { $this->fireEvent("ldapsyncgroup", array($group, $record)); } echo "Synced " . $groupname . "\n"; } catch (\Exception $e) { echo "ERROR:\n"; echo (string) $e; echo "LDAP record:"; var_dump($record->getAttributes()); } if ($group) { $groupsInLDAP[] = $group->id; } // if($i==100) // exit("Reached 100. Exitting"); } $stmt = \GO\Base\Model\Group::model()->find(); $totalInGO = $stmt->rowCount(); $totalInLDAP = count($groupsInLDAP); echo "Groups in Group-Office: " . $totalInGO . "\n"; echo "Groups in LDAP: " . $totalInLDAP . "\n"; if (!empty($params['delete'])) { $percentageToDelete = round((1 - $totalInLDAP / $totalInGO) * 100); $maxDeletePercentage = isset($params['max_delete_percentage']) ? intval($params['max_delete_percentage']) : 5; if ($percentageToDelete > $maxDeletePercentage) { die("Delete Aborted because script was about to delete more then {$maxDeletePercentage}% of the groups (" . $percentageToDelete . "%, " . ($totalInGO - $totalInLDAP) . " groups)\n"); } while ($group = $stmt->fetch()) { if (!in_array($group->id, $groupsInLDAP)) { echo "Deleting " . $group->name . "\n"; if (!$dryRun) { $group->delete(); } } } } echo "Done\n\n"; //var_dump($attr); }