/**
* Change the password of the ldap user account
* @param $oldpass the current password to check
* @param $newpass the new password
* @retrun boolean true when password was changed
*/
public function changePassword($oldpass, $newpass)
{
if (!empty($newpass) && isset($oldpass)) {
if ($this->authenticate($oldpass)) {
$mapping = self::getMapping();
$query = $mapping['username'] . '=' . $this->username . ',' . \GO\Ldapauth\LdapauthModule::getPeopleDn($this->username);
$this->_ldapConn->bind(GO::config()->ldap_user, GO::config()->ldap_pass);
// become LDAP root
return @ldap_modify($this->_ldapConn->getLink(), $query, array('userpassword' => $this->encodePassword($newpass)));
$this->_ldapConn->bind($this->getDn(), $oldpass);
}
}
return false;
}
/**
*
* php groupofficecli.php -r=ldapauth/sync/users --delete=1 --max_delete_percentage=34 --dry=1
*
* @param type $params
* @throws Exception
*/
protected function actionUsers($params)
{
$this->requireCli();
\GO::session()->runAsRoot();
$dryRun = !empty($params['dry']);
if ($dryRun) {
echo "Dry run enabled.\n\n";
}
$la = new \GO\Ldapauth\Authenticator();
$ldapConn = \GO\Base\Ldap\Connection::getDefault();
$result = $ldapConn->search(\GO\Ldapauth\LdapauthModule::getPeopleDn(), $la->getUserSearchQuery());
//keep an array of users that exist in ldap. This array will be used later for deletes.
//admin user is not in ldap but should not be removed.
$usersInLDAP = array(1);
$i = 0;
while ($record = $result->fetch()) {
$i++;
try {
if (!$dryRun) {
$user = $la->syncUserWithLdapRecord($record);
if (!$user) {
//could be expluded from LDAP.
// echo "Failed syncing user. Enable and check debug log for more info.";
// echo "Failed LDAP record: ".var_export($record->getAttributes(), true)."\n";
continue;
}
$username = $user->username;
} else {
$attr = $la->getUserAttributes($record);
$username = $attr['username'];
$user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);
}
if (!$dryRun) {
$this->fireEvent("ldapsyncuser", array($user, $record));
}
echo "Synced " . $username . "\n";
} catch (\Exception $e) {
echo "ERROR:\n";
echo (string) $e;
echo "LDAP record:";
var_dump($record->getAttributes());
}
if ($user) {
$usersInLDAP[] = $user->id;
}
// if($i==100)
// exit("Reached 100. Exitting");
}
$stmt = \GO\Base\Model\User::model()->find();
$totalInGO = $stmt->rowCount();
$totalInLDAP = count($usersInLDAP);
echo "Users in Group-Office: " . $totalInGO . "\n";
echo "Users in LDAP: " . $totalInLDAP . "\n";
if (!empty($params['delete'])) {
$percentageToDelete = round((1 - $totalInLDAP / $totalInGO) * 100);
$maxDeletePercentage = isset($params['max_delete_percentage']) ? intval($params['max_delete_percentage']) : 5;
if ($percentageToDelete > $maxDeletePercentage) {
die("Delete Aborted because script was about to delete more then {$maxDeletePercentage}% of the users (" . $percentageToDelete . "%, " . ($totalInGO - $totalInLDAP) . " users)\n");
}
while ($user = $stmt->fetch()) {
if (!in_array($user->id, $usersInLDAP)) {
echo "Deleting " . $user->username . "\n";
if (!$dryRun) {
$user->delete();
}
}
}
}
echo "Done\n\n";
//var_dump($attr);
}
