2015-06-09 16:14:01 -04:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* class.ldapAdvanced.php
|
2017-08-11 11:10:27 -04:00
|
|
|
* LDAP plugin for the RBAC class. This
|
2015-06-09 16:14:01 -04:00
|
|
|
class ldapAdvanced
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* The authsource id
|
|
|
|
|
* @var String
|
|
|
|
|
*/
|
|
|
|
|
public $sAuthSource = "";
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The organizational unit where the removed users are put into
|
|
|
|
|
* @var String
|
|
|
|
|
*/
|
|
|
|
|
public $sTerminatedOu = "";
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* a local variable to store connection with LDAP, and avoid multiple bindings
|
|
|
|
|
* @var String
|
|
|
|
|
*/
|
|
|
|
|
public $ldapcnn = null;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The users information array
|
|
|
|
|
* @var Array
|
|
|
|
|
*/
|
|
|
|
|
public $aUserInfo = array();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* System information
|
|
|
|
|
* @var String
|
|
|
|
|
*/
|
|
|
|
|
public $sSystem = "";
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Object where an rbac instance is set
|
|
|
|
|
* @var Object
|
|
|
|
|
*/
|
|
|
|
|
static private $instance = null;
|
|
|
|
|
|
|
|
|
|
private $arrayObjectClassFilter = array(
|
|
|
|
|
"user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
|
|
|
|
|
"group" => "|(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
|
|
|
|
|
"department" => "|(objectclass=organizationalunit)"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
private $arrayAttributes = array(
|
|
|
|
|
"ldap" => array("uid" => "uid", "member" => "memberuid"), //OpenLDAP
|
|
|
|
|
"ad" => array("uid" => "samaccountname", "member" => "member"), //Active Directory
|
|
|
|
|
"ds" => array("uid" => "uid", "member" => "uniquemember") //389 DS
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
private $arrayAttributesForUser = array("dn", "uid", "samaccountname", "givenname", "sn", "cn", "mail", "userprincipalname", "useraccountcontrol", "accountexpires", "manager");
|
|
|
|
|
|
|
|
|
|
private $frontEnd = false;
|
|
|
|
|
private $debug = false;
|
|
|
|
|
public $arrayAuthenticationSourceUsersByUid = array();
|
|
|
|
|
public $arrayAuthenticationSourceUsersByUsername = array();
|
|
|
|
|
public $arrayDepartmentUsersByUid = array();
|
|
|
|
|
public $arrayDepartmentUsersByUsername = array();
|
|
|
|
|
public $arrayGroupUsersByUid = array();
|
|
|
|
|
public $arrayGroupUsersByUsername = array();
|
|
|
|
|
|
|
|
|
|
private $arrayDepartmentUserSynchronizedChecked = array();
|
|
|
|
|
private $arrayUserUpdateChecked = array();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* default constructor method
|
|
|
|
|
*/
|
|
|
|
|
public function __construct()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set front end flag
|
|
|
|
|
*
|
|
|
|
|
* @param bool $flag Flag
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setFrontEnd($flag)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->frontEnd = $flag;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set debug
|
|
|
|
|
*
|
|
|
|
|
* @param bool $debug Flag for debug
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setDebug($debug)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debug = $debug;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set Users that was registered with this Authentication Source
|
|
|
|
|
*
|
|
|
|
|
* @param string $authenticationSourceUid UID of Authentication Source
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayAuthenticationSourceUsers($authenticationSourceUid)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUid = array();
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUsername = array();
|
|
|
|
|
|
|
|
|
|
//Set data
|
|
|
|
|
$criteria = new Criteria("rbac");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(RbacUsersPeer::USR_UID);
|
|
|
|
|
$criteria->addSelectColumn(RbacUsersPeer::USR_USERNAME);
|
|
|
|
|
$criteria->addSelectColumn(RbacUsersPeer::USR_AUTH_USER_DN);
|
|
|
|
|
$criteria->add(RbacUsersPeer::UID_AUTH_SOURCE, $authenticationSourceUid, Criteria::EQUAL);
|
|
|
|
|
$criteria->add(RbacUsersPeer::USR_AUTH_TYPE, "ldapadvanced", Criteria::EQUAL);
|
|
|
|
|
//$criteria->add(RbacUsersPeer::USR_STATUS, 1, Criteria::EQUAL);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = RbacUsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUid[$row["USR_UID"]] = $row;
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUsername[$row["USR_USERNAME"]] = $row;
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set User to this Authentication Source
|
|
|
|
|
*
|
|
|
|
|
* @param string $userUid UID of User
|
|
|
|
|
* @param array $arrayUserLdap User LDAP data
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayAuthenticationSourceUser($userUid, array $arrayUserLdap)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayUserData = array(
|
|
|
|
|
"USR_UID" => $userUid,
|
|
|
|
|
"USR_USERNAME" => $arrayUserLdap["sUsername"],
|
|
|
|
|
"USR_AUTH_USER_DN" => $arrayUserLdap["sDN"]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
//Set data
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUid[$arrayUserData["USR_UID"]] = $arrayUserData;
|
|
|
|
|
$this->arrayAuthenticationSourceUsersByUsername[$arrayUserData["USR_USERNAME"]] = $arrayUserData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set Users of the Department
|
|
|
|
|
*
|
|
|
|
|
* @param string $departmentUid UID of Department
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayDepartmentUsers($departmentUid)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->arrayDepartmentUsersByUid = array();
|
|
|
|
|
$this->arrayDepartmentUsersByUsername = array();
|
|
|
|
|
|
|
|
|
|
//Set data
|
|
|
|
|
$criteria = new Criteria("workflow");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_UID);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_USERNAME);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_REPORTS_TO);
|
|
|
|
|
$criteria->add(UsersPeer::DEP_UID, $departmentUid, Criteria::EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = UsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$this->arrayDepartmentUsersByUid[$row["USR_UID"]] = $row;
|
|
|
|
|
$this->arrayDepartmentUsersByUsername[$row["USR_USERNAME"]] = $row;
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set Users of the Group
|
|
|
|
|
*
|
|
|
|
|
* @param string $groupUid UID of Group
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayGroupUsers($groupUid)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->arrayGroupUsersByUid = array();
|
|
|
|
|
$this->arrayGroupUsersByUsername = array();
|
|
|
|
|
|
|
|
|
|
//Set data
|
|
|
|
|
$criteria = new Criteria("workflow");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(GroupUserPeer::GRP_UID);
|
|
|
|
|
$criteria->addSelectColumn(GroupUserPeer::USR_UID);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_USERNAME);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_REPORTS_TO);
|
|
|
|
|
$criteria->addJoin(GroupUserPeer::USR_UID, UsersPeer::USR_UID, Criteria::LEFT_JOIN);
|
|
|
|
|
$criteria->add(GroupUserPeer::GRP_UID, $groupUid, Criteria::EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = GroupUserPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$this->arrayGroupUsersByUid[$row["USR_UID"]] = $row;
|
|
|
|
|
$this->arrayGroupUsersByUsername[$row["USR_USERNAME"]] = $row;
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set data to array of Users synchronized (Department)
|
|
|
|
|
*
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayDepartmentUserSynchronizedChecked(array $arrayData)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->arrayDepartmentUserSynchronizedChecked = $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set data to array of updated Users
|
|
|
|
|
*
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function setArrayUserUpdateChecked(array $arrayData)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->arrayUserUpdateChecked = $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method gets the singleton Rbac instance.
|
|
|
|
|
* @return Object instance of the rbac class
|
|
|
|
|
*/
|
|
|
|
|
public function &getSingleton()
|
|
|
|
|
{
|
|
|
|
|
if (self::$instance == null) {
|
|
|
|
|
self::$instance = new RBAC();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return self::$instance;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Progress bar
|
|
|
|
|
*
|
|
|
|
|
* @param int $total Total
|
|
|
|
|
* @param int $count Count
|
|
|
|
|
*
|
|
|
|
|
* return string Return a string that represent progress bar
|
|
|
|
|
*/
|
|
|
|
|
public function progressBar($total, $count)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$p = (int)(($count * 100) / $total);
|
|
|
|
|
$n = (int)($p / 2);
|
|
|
|
|
|
|
|
|
|
return "[" . str_repeat("|", $n) . str_repeat(" ", 50 - $n) . "] $p%";
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Show front end
|
|
|
|
|
*
|
|
|
|
|
* @param string $option Option
|
|
|
|
|
* @param string $data Data string
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function frontEndShow($option, $data = "")
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
if (!$this->frontEnd) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$numc = 100;
|
|
|
|
|
|
|
|
|
|
switch ($option) {
|
|
|
|
|
case "BAR":
|
|
|
|
|
echo "\r" . "| " . $data . str_repeat(" ", $numc - 2 - strlen($data));
|
|
|
|
|
break;
|
|
|
|
|
case "TEXT":
|
|
|
|
|
echo "\r" . "| " . $data . str_repeat(" ", $numc - 2 - strlen($data)) . "\n";
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
//START, END
|
|
|
|
|
echo "\r" . "+" . str_repeat("-", $numc - 2) . "+" . "\n";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get valid characteres
|
|
|
|
|
*
|
|
|
|
|
* return array Return an array with valid characteres
|
|
|
|
|
*/
|
|
|
|
|
public function characters()
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayCharacter = array();
|
|
|
|
|
|
|
|
|
|
for ($i = 33; $i <= 127; $i++) {
|
|
|
|
|
$char = trim(strtolower(chr($i)));
|
|
|
|
|
|
|
|
|
|
if ($char != "") {
|
|
|
|
|
$arrayCharacter[$i] = $char;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unset($arrayCharacter[33]); //!
|
|
|
|
|
unset($arrayCharacter[38]); //&
|
|
|
|
|
unset($arrayCharacter[40]); //(
|
|
|
|
|
unset($arrayCharacter[41]); //)
|
|
|
|
|
unset($arrayCharacter[42]); //*
|
|
|
|
|
unset($arrayCharacter[60]); //<
|
|
|
|
|
unset($arrayCharacter[61]); //=
|
|
|
|
|
unset($arrayCharacter[62]); //>
|
|
|
|
|
unset($arrayCharacter[124]); //|
|
|
|
|
|
unset($arrayCharacter[126]); //~
|
|
|
|
|
unset($arrayCharacter[127]); //DEL
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return array_unique($arrayCharacter);
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get User data, if Username was registered with this Authentication Source
|
|
|
|
|
*
|
|
|
|
|
* @param string $username Username
|
|
|
|
|
*
|
|
|
|
|
* return array Return User data, if Username was registered with this Authentication Source; empty data otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function authenticationSourceGetUserDataIfUsernameExists($username)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
if (isset($this->arrayAuthenticationSourceUsersByUsername[$username])) {
|
|
|
|
|
return $this->arrayAuthenticationSourceUsersByUsername[$username];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array();
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get User data, if Username exists in Department
|
|
|
|
|
*
|
|
|
|
|
* @param string $username Username
|
|
|
|
|
*
|
|
|
|
|
* return array Return User data, if Username exists in Department; empty data otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function departmentGetUserDataIfUsernameExists($username)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
if (isset($this->arrayDepartmentUsersByUsername[$username])) {
|
|
|
|
|
return $this->arrayDepartmentUsersByUsername[$username];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array();
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get User data, if Username exists in Group
|
|
|
|
|
*
|
|
|
|
|
* @param string $username Username
|
|
|
|
|
*
|
|
|
|
|
* return array Return User data, if Username exists in Group; empty data otherwise
|
|
|
|
|
*/
|
|
|
|
|
public function groupGetUserDataIfUsernameExists($username)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
if (isset($this->arrayGroupUsersByUsername[$username])) {
|
|
|
|
|
return $this->arrayGroupUsersByUsername[$username];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array();
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getFieldsForPageSetup()
|
|
|
|
|
{
|
|
|
|
|
return array();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* add a line in the ldap log
|
|
|
|
|
*
|
|
|
|
|
* before the log was generated in shared/sites/<site> folder, but it was deprecated
|
|
|
|
|
* and now we are saving the log in shared/log the entry in the log file.
|
|
|
|
|
* @author Fernando Ontiveros Lira <fernando@colosa.com>
|
|
|
|
|
* @param Object $_link ldap connection
|
|
|
|
|
* @param String $text
|
|
|
|
|
*/
|
|
|
|
|
public function log($link, $text)
|
|
|
|
|
{
|
|
|
|
|
//$serverAddr = $_SERVER["SERVER_ADDR"];
|
|
|
|
|
$logFile = PATH_DATA . "log/ldapAdvanced.log";
|
|
|
|
|
|
|
|
|
|
if (!file_exists($logFile) || is_writable($logFile)) {
|
|
|
|
|
$fpt= fopen ($logFile, "a");
|
|
|
|
|
$ldapErrorMsg = "";
|
|
|
|
|
$ldapErrorNr = 0;
|
|
|
|
|
|
|
|
|
|
if ($link != null) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$ldapErrorNr = ldap_errno($link);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
if ( $ldapErrorNr != 0 ) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$ldapErrorMsg = ldap_error($link);
|
2015-06-09 16:14:01 -04:00
|
|
|
$text = $ldapErrorMsg . " : " . $text;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//log format: date hour ipaddress workspace ldapErrorNr
|
|
|
|
|
fwrite($fpt, sprintf("%s %s %s %s %s \n", date("Y-m-d H:i:s"), getenv("REMOTE_ADDR"), SYS_SYS, $ldapErrorNr, $text));
|
|
|
|
|
fclose($fpt);
|
|
|
|
|
} else {
|
|
|
|
|
error_log ("file $logFile is not writable ");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Add a debug line in the LDAP log
|
|
|
|
|
*
|
|
|
|
|
* @param string $text Text
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function debugLog($text)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
if ($this->debug) {
|
|
|
|
|
$this->log(null, "DEBUG: $text");
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method generates the ldap connection bind and returns the link object
|
|
|
|
|
* for a determined authsource
|
|
|
|
|
* @author Fernando Ontiveros Lira <fernando@colosa.com>
|
|
|
|
|
* @param Array $aAuthSource the authsource data
|
|
|
|
|
* @return Object A object with the resulting ldap bind
|
|
|
|
|
*/
|
|
|
|
|
public function ldapConnection($aAuthSource)
|
|
|
|
|
{
|
|
|
|
|
$pass = explode("_",$aAuthSource["AUTH_SOURCE_PASSWORD"]);
|
|
|
|
|
|
|
|
|
|
foreach ($pass as $index => $value) {
|
|
|
|
|
if ($value == "2NnV3ujj3w") {
|
|
|
|
|
$aAuthSource["AUTH_SOURCE_PASSWORD"] = G::decrypt($pass[0],$aAuthSource["AUTH_SOURCE_SERVER_NAME"]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ;
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
|
|
|
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
|
2016-04-18 18:57:58 -04:00
|
|
|
@ldap_start_tls($ldapcnn);
|
2015-06-09 16:14:01 -04:00
|
|
|
$ldapServer = "TLS " . $ldapServer;
|
|
|
|
|
//$this->log($ldapcnn, "start tls");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($aAuthSource["AUTH_ANONYMOUS"] == "1") {
|
2016-04-18 18:57:58 -04:00
|
|
|
$bBind = @ldap_bind($ldapcnn);
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->log($ldapcnn, "bind $ldapServer like anonymous user");
|
|
|
|
|
} else {
|
2016-04-18 18:57:58 -04:00
|
|
|
$bBind = @ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$bBind) {
|
|
|
|
|
throw new Exception("Unable to bind to server: $ldapServer . " . "LDAP-Errno: " . ldap_errno($ldapcnn) . " : " . ldap_error($ldapcnn) . " \n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $ldapcnn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method obtains the attributes of a ldap Connection passed as parameter
|
|
|
|
|
* @param Object $ldapcnn ldap connection
|
|
|
|
|
* @author Fernando Ontiveros Lira <fernando@colosa.com>
|
|
|
|
|
* @param Object $oEntry Entry object
|
|
|
|
|
* @return Array attributes
|
|
|
|
|
*/
|
|
|
|
|
public function ldapGetAttributes($ldapcnn, $entry)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayAttributes = array();
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$arrayAttributes['dn'] = ldap_get_dn($ldapcnn, $entry);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$arrayAux = ldap_get_attributes($ldapcnn, $entry);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) {
|
|
|
|
|
$key = strtolower($arrayAux[$i]);
|
|
|
|
|
|
|
|
|
|
switch ($arrayAux[$arrayAux[$i]]["count"]) {
|
|
|
|
|
case 0:
|
|
|
|
|
$arrayAttributes[$key] = "";
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
|
|
|
|
$arrayAttributes[$key] = $arrayAux[$arrayAux[$i]][0];
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
$arrayAttributes[$key] = $arrayAux[$arrayAux[$i]];
|
|
|
|
|
|
|
|
|
|
unset($arrayAttributes[$key]["count"]);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($arrayAttributes["mail"]) && isset($arrayAttributes["userprincipalname"])) {
|
|
|
|
|
$arrayAttributes["mail"] = $arrayAttributes["userprincipalname"];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $arrayAttributes;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get Users from Department (Search result identifier)
|
|
|
|
|
*
|
|
|
|
|
* @param resource $ldapcnn LDAP link identifier
|
|
|
|
|
* @param resource $searchResult Search result identifier
|
|
|
|
|
* @param string $option Option (GET, SYNCHRONIZE)
|
|
|
|
|
* @param string $dn DN
|
|
|
|
|
* @param string $uidUserIdentifier User identifier
|
|
|
|
|
* @param int $totalUser Total users
|
|
|
|
|
* @param int $countUser User counter
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return array Return an array data
|
|
|
|
|
*/
|
|
|
|
|
public function ldapGetUsersFromDepartmentSearchResult($ldapcnn, $searchResult, $option, $dn, $uidUserIdentifier, $totalUser, $countUser, array $arrayData)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > START");
|
|
|
|
|
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK");
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries");
|
|
|
|
|
|
|
|
|
|
$totalUser += $numEntries;
|
|
|
|
|
|
|
|
|
|
if ($numEntries > 0) {
|
|
|
|
|
$this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier");
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
|
|
|
|
|
|
|
|
|
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : "";
|
|
|
|
|
|
|
|
|
|
$countUser++;
|
|
|
|
|
|
|
|
|
|
if ((is_array($username) && !empty($username)) || trim($username) != "") {
|
|
|
|
|
$arrayUserData = $this->getUserDataFromAttribute($username, $arrayUserLdap);
|
|
|
|
|
|
|
|
|
|
if (!isset($this->arrayDepartmentUserSynchronizedChecked[$arrayUserData["sUsername"]])) {
|
|
|
|
|
$this->arrayDepartmentUserSynchronizedChecked[$arrayUserData["sUsername"]] = 1;
|
|
|
|
|
|
|
|
|
|
switch ($option) {
|
|
|
|
|
case "GET":
|
|
|
|
|
$arrayData[] = $arrayUserData;
|
|
|
|
|
break;
|
|
|
|
|
case "SYNCHRONIZE":
|
|
|
|
|
$arrayData = $this->departmentSynchronizeUser("", $arrayUserData, $arrayData);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->log($ldapcnn, "User is repeated: Username \"" . $arrayUserData["sUsername"] . "\", DN \"" . $arrayUserData["sDN"] . "\"");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($option == "SYNCHRONIZE") {
|
|
|
|
|
//Progress bar
|
|
|
|
|
$this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > END");
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return array($totalUser, $countUser, $arrayData);
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get Users from Department
|
|
|
|
|
*
|
|
|
|
|
* @param string $option Option (GET, SYNCHRONIZE)
|
|
|
|
|
* @param string $dn DN of Department
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return array Return an array with data Users or array data
|
|
|
|
|
*/
|
|
|
|
|
public function ldapGetUsersFromDepartment($option, $dn, array $arrayData = array())
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > START");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$dn ----> $dn");
|
|
|
|
|
|
|
|
|
|
$arrayUser = array();
|
|
|
|
|
$totalUser = 0;
|
|
|
|
|
$countUser = 0;
|
|
|
|
|
|
|
|
|
|
//Set variables
|
|
|
|
|
$dn = trim($dn);
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
//Get Users
|
2016-04-22 11:19:13 -04:00
|
|
|
$limit = $this->__getPageSizeLimitByData($arrayAuthenticationSourceData);
|
2016-04-14 13:15:17 -04:00
|
|
|
$flagError = false;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
|
|
|
|
|
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
|
|
|
|
|
|
|
|
|
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
|
|
|
|
|
|
|
|
|
|
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$cookie = '';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
do {
|
2016-04-14 13:15:17 -04:00
|
|
|
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
|
|
|
|
$flagError = true;
|
2015-06-09 16:14:01 -04:00
|
|
|
} else {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
|
|
|
|
|
|
|
|
|
|
switch ($option) {
|
|
|
|
|
case "GET":
|
|
|
|
|
list($totalUser, $countUser, $arrayUser) = $this->ldapGetUsersFromDepartmentSearchResult($ldapcnn, $searchResult, $option, $dn, $uidUserIdentifier, $totalUser, $countUser, $arrayUser);
|
|
|
|
|
break;
|
|
|
|
|
case "SYNCHRONIZE":
|
|
|
|
|
list($totalUser, $countUser, $arrayData) = $this->ldapGetUsersFromDepartmentSearchResult($ldapcnn, $searchResult, $option, $dn, $uidUserIdentifier, $totalUser, $countUser, $arrayData);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (!$flagError) {
|
|
|
|
|
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
} while (($cookie !== null && $cookie != '') && !$flagError);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
//Get Users //2
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($flagError) {
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > START");
|
|
|
|
|
|
|
|
|
|
foreach ($this->characters() as $value) {
|
|
|
|
|
$char = $value;
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
|
|
|
|
|
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
|
|
|
|
|
$filter = "(&$filter($uidUserIdentifier=$char*))";
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
|
|
|
|
|
|
|
|
|
|
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true));
|
|
|
|
|
} else {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
|
|
|
|
|
|
|
|
|
|
switch ($option) {
|
|
|
|
|
case "GET":
|
|
|
|
|
list($totalUser, $countUser, $arrayUser) = $this->ldapGetUsersFromDepartmentSearchResult($ldapcnn, $searchResult, $option, $dn, $uidUserIdentifier, $totalUser, $countUser, $arrayUser);
|
|
|
|
|
break;
|
|
|
|
|
case "SYNCHRONIZE":
|
|
|
|
|
list($totalUser, $countUser, $arrayData) = $this->ldapGetUsersFromDepartmentSearchResult($ldapcnn, $searchResult, $option, $dn, $uidUserIdentifier, $totalUser, $countUser, $arrayData);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > END");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->log($ldapcnn, "Found $totalUser users in department $dn");
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > END");
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
switch ($option) {
|
|
|
|
|
case "GET":
|
|
|
|
|
return $arrayUser;
|
|
|
|
|
break;
|
|
|
|
|
case "SYNCHRONIZE":
|
|
|
|
|
return $arrayData;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
/**
|
|
|
|
|
* Synchronize Group's members
|
|
|
|
|
*
|
|
|
|
|
* @param resource $ldapcnn LDAP link identifier
|
|
|
|
|
* @param array $arrayAuthSourceData Authentication Source Data
|
|
|
|
|
* @param string $groupUid Unique id of Group
|
|
|
|
|
* @param array $arrayGroupLdap LDAP Group
|
|
|
|
|
* @param string $memberAttribute Member attribute
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* @return array Return array data
|
|
|
|
|
*/
|
|
|
|
|
private function __ldapGroupSynchronizeMembers(
|
|
|
|
|
$ldapcnn,
|
|
|
|
|
array $arrayAuthSourceData,
|
|
|
|
|
$groupUid,
|
|
|
|
|
array $arrayGroupLdap,
|
|
|
|
|
$memberAttribute,
|
|
|
|
|
array $arrayData = []
|
|
|
|
|
) {
|
|
|
|
|
try {
|
|
|
|
|
unset($arrayData['countMembers']);
|
|
|
|
|
|
|
|
|
|
//Get members
|
|
|
|
|
if (!isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER'])) {
|
|
|
|
|
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER'] = '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']))?
|
|
|
|
|
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
|
|
|
|
|
|
|
|
|
|
$filterUsers = trim($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER']);
|
|
|
|
|
|
|
|
|
|
$filter = ($filterUsers != '')? $filterUsers : '(' . $this->arrayObjectClassFilter['user'] . ')';
|
|
|
|
|
|
|
|
|
|
if (isset($arrayGroupLdap[$memberAttribute])) {
|
|
|
|
|
if (!is_array($arrayGroupLdap[$memberAttribute])) {
|
|
|
|
|
$arrayGroupLdap[$memberAttribute] = [$arrayGroupLdap[$memberAttribute]];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayData['countMembers'] = count($arrayGroupLdap[$memberAttribute]);
|
|
|
|
|
$arrayData['totalUser'] += $arrayData['countMembers'];
|
|
|
|
|
|
|
|
|
|
//Synchronize members
|
|
|
|
|
foreach ($arrayGroupLdap[$memberAttribute] as $value) {
|
|
|
|
|
$member = $value; //User DN
|
|
|
|
|
|
|
|
|
|
$searchResult = @ldap_search($ldapcnn, $member, $filter, $this->arrayAttributesForUser);
|
|
|
|
|
|
|
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
|
|
|
|
//
|
|
|
|
|
} else {
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
|
|
|
|
|
|
|
|
|
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
|
|
|
|
|
|
|
|
|
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : '';
|
|
|
|
|
|
|
|
|
|
$arrayData['countUser']++;
|
|
|
|
|
|
|
|
|
|
if ((is_array($username) && !empty($username)) || trim($username) != '') {
|
|
|
|
|
$arrayData = $this->groupSynchronizeUser(
|
|
|
|
|
$groupUid, $this->getUserDataFromAttribute($username, $arrayUserLdap), $arrayData
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Progress bar
|
|
|
|
|
$this->frontEndShow(
|
|
|
|
|
'BAR',
|
|
|
|
|
'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
|
|
|
|
|
$this->progressBar($arrayData['totalUser'], $arrayData['countUser'])
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-09 16:14:01 -04:00
|
|
|
/**
|
|
|
|
|
* Get Users from Group
|
|
|
|
|
*
|
|
|
|
|
* @param string $option Option (SYNCHRONIZE)
|
|
|
|
|
* @param array $arrayGroupData Group data
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return array Return array data
|
|
|
|
|
*/
|
|
|
|
|
public function ldapGetUsersFromGroup($option, array $arrayGroupData, array $arrayData = array())
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > START");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > \$arrayGroupData ---->\n" . print_r($arrayGroupData, true));
|
|
|
|
|
|
|
|
|
|
$totalUser = 0;
|
|
|
|
|
$countUser = 0;
|
|
|
|
|
|
|
|
|
|
//Set variables
|
|
|
|
|
$dn = trim($arrayGroupData["GRP_LDAP_DN"]);
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
//Get Group members
|
|
|
|
|
$memberAttribute = $this->arrayAttributes[$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["LDAP_TYPE"]]["member"];
|
|
|
|
|
|
|
|
|
|
$filter = "(" . $this->arrayObjectClassFilter["group"] . ")";
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > \$filter ----> $filter");
|
|
|
|
|
|
|
|
|
|
$searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute));
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
|
|
|
|
|
} else {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK1");
|
|
|
|
|
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2");
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries");
|
|
|
|
|
|
|
|
|
|
if ($numEntries > 0) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
//Syncronize members
|
|
|
|
|
$flagMemberRange = false;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$memberAttribute2 = $memberAttribute;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
if (isset($arrayGroupLdap[$memberAttribute]) && empty($arrayGroupLdap[$memberAttribute])) {
|
|
|
|
|
foreach ($arrayGroupLdap as $key => $value) {
|
|
|
|
|
if (preg_match('/^member;range=\d+\-\d+$/i', $key)) {
|
|
|
|
|
$memberAttribute2 = $key;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$flagMemberRange = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$arrayData = $this->__ldapGroupSynchronizeMembers(
|
|
|
|
|
$ldapcnn,
|
|
|
|
|
$arrayAuthenticationSourceData,
|
|
|
|
|
$arrayGroupData['GRP_UID'],
|
|
|
|
|
$arrayGroupLdap,
|
|
|
|
|
$memberAttribute2,
|
|
|
|
|
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
|
|
|
|
|
);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$totalUser = $arrayData['totalUser'];
|
|
|
|
|
$countUser = $arrayData['countUser'];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$limitMemberRange = (isset($arrayData['countMembers']))? $arrayData['countMembers'] : 0;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
if ($flagMemberRange) {
|
|
|
|
|
for ($start = $limitMemberRange; true; $start += $limitMemberRange) {
|
|
|
|
|
$end = $start + $limitMemberRange - 1;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$memberAttribute2 = $memberAttribute . ';range=' . $start . '-' . $end;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$searchResult = @ldap_search($ldapcnn, $dn, $filter, [$memberAttribute2]);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
2016-04-18 18:57:58 -04:00
|
|
|
break;
|
2015-06-09 16:14:01 -04:00
|
|
|
} else {
|
2016-04-18 18:57:58 -04:00
|
|
|
if ($searchResult) {
|
|
|
|
|
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
foreach ($arrayGroupLdap as $key => $value) {
|
|
|
|
|
if (preg_match('/^member;range=\d+\-\*$/i', $key)) {
|
|
|
|
|
$memberAttribute2 = $key;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-18 18:57:58 -04:00
|
|
|
$arrayData = $this->__ldapGroupSynchronizeMembers(
|
|
|
|
|
$ldapcnn,
|
|
|
|
|
$arrayAuthenticationSourceData,
|
|
|
|
|
$arrayGroupData['GRP_UID'],
|
|
|
|
|
$arrayGroupLdap,
|
|
|
|
|
$memberAttribute2,
|
|
|
|
|
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$totalUser = $arrayData['totalUser'];
|
|
|
|
|
$countUser = $arrayData['countUser'];
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->log($ldapcnn, "Found $totalUser users in group $dn");
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > END");
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method authentifies if a user has the RBAC_user privileges
|
|
|
|
|
* also verifies if the user has the rights to start an application
|
|
|
|
|
*
|
|
|
|
|
* @author Fernando Ontiveros Lira <fernando@colosa.com>
|
|
|
|
|
* @access public
|
|
|
|
|
|
|
|
|
|
* @param string $strUser UserId (user login)
|
|
|
|
|
* @param string $strPass Password
|
|
|
|
|
* @return
|
|
|
|
|
* -1: user doesn"t exists / no existe usuario
|
|
|
|
|
* -2: wrong password / password errado
|
|
|
|
|
* -3: inactive user / usuario inactivo
|
|
|
|
|
* -4: user due date / usuario vencido
|
|
|
|
|
* -5: connection error
|
|
|
|
|
* n : user uid / uid de usuario
|
|
|
|
|
*/
|
|
|
|
|
public function VerifyLogin($strUser, $strPass)
|
|
|
|
|
{
|
|
|
|
|
if (is_array($strUser)) {
|
|
|
|
|
$strUser = $strUser[0];
|
|
|
|
|
} else {
|
|
|
|
|
$strUser = trim($strUser);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $strUser == "" ) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( strlen( $strPass ) == 0) {
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ldapcnn = null;
|
|
|
|
|
|
|
|
|
|
$validUserPass = 1;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($rbac->userObj == null) {
|
|
|
|
|
$rbac->userObj = new RbacUsers();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
|
|
|
|
|
$setAttributes = 0;
|
|
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (isset($arrayAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_SHOWGRID']) &&
|
|
|
|
|
$arrayAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_SHOWGRID'] == 'on'
|
|
|
|
|
) {
|
2015-06-09 16:14:01 -04:00
|
|
|
$setAttributes = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Get UserName
|
|
|
|
|
$criteria = new Criteria("rbac");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(RbacUsersPeer::USR_USERNAME);
|
|
|
|
|
$criteria->addSelectColumn(RbacUsersPeer::USR_UID);
|
|
|
|
|
$criteria->add(RbacUsersPeer::UID_AUTH_SOURCE, $arrayAuthSource["AUTH_SOURCE_UID"]);
|
|
|
|
|
$criteria->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
|
|
|
|
|
$criteria->add(RbacUsersPeer::USR_USERNAME, "", Criteria::NOT_EQUAL);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = RbacUsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
$rsCriteria->next();
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$usrName = $row["USR_USERNAME"];
|
|
|
|
|
$usrUid = $row["USR_UID"];
|
|
|
|
|
|
|
|
|
|
//Get the AuthSource properties
|
|
|
|
|
//Check if the dn in the database record matches with the dn for the ldap account
|
|
|
|
|
$verifiedUser = $this->searchUserByUid(
|
|
|
|
|
$usrName,
|
|
|
|
|
$arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (empty($verifiedUser) || trim($verifiedUser["sDN"]) == null) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$userDn = $strUser;
|
|
|
|
|
|
|
|
|
|
if ($verifiedUser["sDN"] != $strUser || $setAttributes==1) {
|
2016-04-22 11:19:13 -04:00
|
|
|
$userDn = $verifiedUser['sDN'];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Update data
|
|
|
|
|
$user = new \ProcessMaker\BusinessModel\User();
|
|
|
|
|
$arrayUserData = $user->getUserRecordByPk($usrUid, [], false);
|
|
|
|
|
|
|
|
|
|
$result = $this->__ldapUserUpdateByDnAndData(
|
|
|
|
|
$this->ldapcnn, $arrayAuthSource, $userDn, [$arrayUserData['USR_USERNAME'] => $arrayUserData]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
//Update DN
|
2015-06-09 16:14:01 -04:00
|
|
|
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria("rbac");
|
|
|
|
|
$c1->add(RbacUsersPeer::UID_AUTH_SOURCE, $arrayAuthSource["AUTH_SOURCE_UID"]);
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria("rbac");
|
2016-04-22 11:19:13 -04:00
|
|
|
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Check ldap connection for user
|
|
|
|
|
$arrayAuthSource["AUTH_ANONYMOUS"] = "0";
|
|
|
|
|
$arrayAuthSource["AUTH_SOURCE_SEARCH_USER"] = $userDn;
|
|
|
|
|
$arrayAuthSource["AUTH_SOURCE_PASSWORD"] = $strPass;
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapConnection($arrayAuthSource);
|
|
|
|
|
$flagUpdate = false;
|
|
|
|
|
switch(ldap_errno($ldapcnn)) {
|
|
|
|
|
case '0x00':
|
|
|
|
|
$flagUpdate = true;
|
|
|
|
|
$statusRbac = 1;
|
|
|
|
|
$statusUser = 'ACTIVE';
|
|
|
|
|
break;
|
|
|
|
|
case '0x34':
|
|
|
|
|
case '0x58':
|
|
|
|
|
case '0x5e':
|
|
|
|
|
//LDAP_UNAVAILABLE
|
|
|
|
|
//LDAP_USER_CANCELLED
|
|
|
|
|
//LDAP_NO_RESULTS_RETURNED
|
|
|
|
|
$flagUpdate = true;
|
|
|
|
|
$statusRbac = 0;
|
|
|
|
|
$statusUser = 'INACTIVE';
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if ($flagUpdate) {
|
|
|
|
|
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria("rbac");
|
|
|
|
|
$c1->add(RbacUsersPeer::UID_AUTH_SOURCE, $arrayAuthSource["AUTH_SOURCE_UID"]);
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria("rbac");
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $verifiedUser["sDN"]);
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_STATUS, $statusRbac);
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
$columnsWf = array();
|
|
|
|
|
$columnsWf['USR_UID'] = $usrUid;
|
|
|
|
|
$columnsWf['USR_STATUS'] = $statusUser;
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$oUser->update($columnsWf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$attributes = $arrayAuthSource["AUTH_SOURCE_DATA"];
|
|
|
|
|
|
|
|
|
|
if (!isset($attributes['AUTH_SOURCE_RETIRED_OU'])) {
|
|
|
|
|
$attributes ['AUTH_SOURCE_RETIRED_OU'] = '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Check if the user is in the terminated organizational unit
|
|
|
|
|
if ($this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
|
|
|
|
|
$this->deactivateUser($usrName);
|
|
|
|
|
$this->log($ldapcnn, "user $strUser is member of Remove OU, deactivating this user.");
|
|
|
|
|
|
|
|
|
|
return -3;
|
|
|
|
|
}
|
|
|
|
|
$validUserPass = ldap_errno($ldapcnn) == 0;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
$validUserPass = -5;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $validUserPass == 1 ) {
|
|
|
|
|
$this->log($ldapcnn, "sucessful login user " . $verifiedUser["sDN"]);
|
|
|
|
|
} else {
|
|
|
|
|
$this->log($ldapcnn, "failure authentication for user $strUser");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $validUserPass ;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get data of a User from attribute
|
|
|
|
|
*
|
|
|
|
|
* @param mixed $username Username
|
|
|
|
|
* @param array $arrayAttributes Attributes
|
|
|
|
|
*
|
|
|
|
|
* return array Return an array with data User
|
|
|
|
|
*/
|
|
|
|
|
public function getUserDataFromAttribute($username, array $arrayAttributes)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$keyMail = (isset($arrayAttributes["mail"]))? "mail" : ((isset($arrayAttributes["userprincipalname"]))? "userprincipalname" : "nomail");
|
|
|
|
|
|
|
|
|
|
return array(
|
|
|
|
|
"sUsername" => trim((is_array($username))? $username[0] : $username),
|
|
|
|
|
"sPassword" => trim((isset($arrayAttributes["userpassword"]))? ((is_array($arrayAttributes["userpassword"]))? $arrayAttributes["userpassword"][0] : $arrayAttributes["userpassword"]) : ""),
|
|
|
|
|
"sFullname" => trim((isset($arrayAttributes["cn"]))? ((is_array($arrayAttributes["cn"]))? $arrayAttributes["cn"][0] : $arrayAttributes["cn"]) : ""),
|
|
|
|
|
"sFirstname" => trim((isset($arrayAttributes["givenname"]))? ((is_array($arrayAttributes["givenname"]))? $arrayAttributes["givenname"][0] : $arrayAttributes["givenname"]) : ""),
|
|
|
|
|
"sLastname" => trim((isset($arrayAttributes["sn"]))? ((is_array($arrayAttributes["sn"]))? $arrayAttributes["sn"][0] : $arrayAttributes["sn"]) : ""),
|
|
|
|
|
"sEmail" => trim((isset($arrayAttributes[$keyMail]))? ((is_array($arrayAttributes[$keyMail]))? $arrayAttributes[$keyMail][0] : $arrayAttributes[$keyMail]) : ""),
|
|
|
|
|
"sDN" => trim($arrayAttributes["dn"]),
|
|
|
|
|
"sManagerDN" => trim((isset($arrayAttributes["manager"]))? ((is_array($arrayAttributes["manager"]))? $arrayAttributes["manager"][0] : $arrayAttributes["manager"]) : "")
|
|
|
|
|
);
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method searches for the users that has some attribute
|
|
|
|
|
* that matches the keyword.
|
|
|
|
|
* @param String $keyword search criteria
|
|
|
|
|
* @return array Users that match the search criteria
|
|
|
|
|
*/
|
|
|
|
|
public function searchUsers($keyword, $start = null, $limit = null)
|
|
|
|
|
{
|
|
|
|
|
$arrayUser = array();
|
|
|
|
|
$totalUser = 0;
|
|
|
|
|
$countUser = 0;
|
|
|
|
|
|
|
|
|
|
$keyword = trim(trim($keyword), "*");
|
|
|
|
|
$keyword = ($keyword != "")? "*$keyword*" : "*";
|
|
|
|
|
|
|
|
|
|
$paged = !is_null($start) && !is_null($limit);
|
|
|
|
|
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
$attributeUserSet = array();
|
|
|
|
|
$attributeSetAdd = array();
|
|
|
|
|
|
|
|
|
|
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
|
|
|
|
|
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
|
|
|
|
|
) {
|
|
|
|
|
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
|
|
|
|
|
$attributeSetAdd[] = $value['attributeLdap'];
|
|
|
|
|
$attributeUserSet[$value['attributeUser']] = $value['attributeLdap'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (is_null($this->ldapcnn)) {
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
//Get Users
|
|
|
|
|
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
|
|
|
|
|
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
|
|
|
|
|
|
|
|
|
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
|
|
|
|
|
|
|
|
|
|
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
|
|
|
|
|
$filter = "(&$filter(|(dn=$keyword)(uid=$keyword)(samaccountname=$keyword)(givenname=$keyword)(sn=$keyword)(cn=$keyword)(mail=$keyword)(userprincipalname=$keyword)))";
|
|
|
|
|
|
|
|
|
|
$oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($oError = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
$this->log($ldapcnn, "Error in Search users");
|
|
|
|
|
} else {
|
|
|
|
|
if ($oSearch) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$entries = ldap_count_entries($ldapcnn, $oSearch);
|
2015-06-09 16:14:01 -04:00
|
|
|
$totalUser = $entries;
|
|
|
|
|
|
|
|
|
|
if ( $entries > 0) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$oEntry = ldap_first_entry($ldapcnn, $oSearch);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$countEntries=0;
|
|
|
|
|
|
|
|
|
|
$flagNextRecord = true;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
|
|
|
|
|
$sUsername = (isset($aAttr[$uidUserIdentifier]))? $aAttr[$uidUserIdentifier] : "";
|
|
|
|
|
|
|
|
|
|
if ((is_array($sUsername) && !empty($sUsername)) || trim($sUsername) != "") {
|
|
|
|
|
$countUser++;
|
|
|
|
|
|
|
|
|
|
/*Active Directory userAccountControl Values
|
|
|
|
|
Normal Day to Day Values:
|
|
|
|
|
512 - Enable Account
|
|
|
|
|
514 - Disable account
|
|
|
|
|
544 - Account Enabled - Require user to change password at first logon
|
|
|
|
|
4096 - Workstation/server
|
|
|
|
|
66048 - Enabled, password never expires
|
|
|
|
|
66050 - Disabled, password never expires
|
|
|
|
|
262656 - Smart Card Logon Required
|
|
|
|
|
532480 - Domain controller
|
|
|
|
|
1 - script
|
|
|
|
|
2 - accountdisable
|
|
|
|
|
8 - homedir_required
|
|
|
|
|
16 - lockout
|
|
|
|
|
32 - passwd_notreqd
|
|
|
|
|
64 - passwd_cant_change
|
|
|
|
|
128 - encrypted_text_pwd_allowed
|
|
|
|
|
256 - temp_duplicate_account
|
|
|
|
|
512 - normal_account
|
|
|
|
|
2048 - interdomain_trust_account
|
|
|
|
|
4096 - workstation_trust_account
|
|
|
|
|
8192 - server_trust_account
|
|
|
|
|
65536 - dont_expire_password
|
|
|
|
|
131072 - mns_logon_account
|
|
|
|
|
262144 - smartcard_required
|
|
|
|
|
524288 - trusted_for_delegation
|
|
|
|
|
1048576 - not_delegated
|
|
|
|
|
2097152 - use_des_key_only
|
|
|
|
|
4194304 - dont_req_preauth
|
|
|
|
|
8388608 - password_expired
|
|
|
|
|
16777216 - trusted_to_auth_for_delegation
|
|
|
|
|
*/
|
|
|
|
|
$userCountControl = '';
|
|
|
|
|
//Active Directory, openLdap
|
|
|
|
|
if (isset($aAttr['useraccountcontrol'])) {
|
|
|
|
|
switch ($aAttr['useraccountcontrol']) {
|
|
|
|
|
case '512':
|
|
|
|
|
case '544':
|
|
|
|
|
case '66048':
|
|
|
|
|
case '66080':
|
|
|
|
|
$userCountControl = 'ACTIVE';
|
|
|
|
|
break;
|
|
|
|
|
case '514':
|
|
|
|
|
case '546':
|
|
|
|
|
case '66050':
|
|
|
|
|
case '66082':
|
|
|
|
|
case '2':
|
|
|
|
|
case '16':
|
|
|
|
|
case '8388608':
|
|
|
|
|
default:
|
|
|
|
|
$userCountControl = 'INACTIVE';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//apache ldap
|
|
|
|
|
if (isset($aAttr['status'])) {
|
|
|
|
|
$userCountControl = strtoupper($aAttr['status']);
|
|
|
|
|
}
|
|
|
|
|
$aUserAttributes = array();
|
|
|
|
|
foreach ($attributeUserSet as $key => $value) {
|
|
|
|
|
if ($key == 'USR_STATUS') {
|
|
|
|
|
$aUserAttributes[$key] = ($userCountControl != '') ? $userCountControl : 'ACTIVE';
|
|
|
|
|
} elseif (isset($aAttr[ $value ])) {
|
|
|
|
|
$aUserAttributes[$key] = $aAttr[ $value ];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($paged) {
|
|
|
|
|
if ($countUser - 1 <= $start + $limit - 1) {
|
|
|
|
|
if ($start <= $countUser - 1) {
|
|
|
|
|
$arrayUser[] = array_merge($this->getUserDataFromAttribute($sUsername, $aAttr), $aUserAttributes);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$flagNextRecord = false;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$arrayUser[] = array_merge($this->getUserDataFromAttribute($sUsername, $aAttr), $aUserAttributes);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$countEntries++;
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
} while (($oEntry = ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
$sUsers = "found $countEntries users: ";
|
|
|
|
|
|
|
|
|
|
foreach ($aUsers as $key => $val) {
|
|
|
|
|
$sUsers .= $val['sUsername'] . ' ';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->log($ldapcnn, $sUsers);
|
|
|
|
|
*/
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return ($paged)? array("numRecTotal" => $totalUser, "data" => $arrayUser) : $arrayUser;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This method search in the ldap/active directory source for an user using the UID, (samaccountname or uid )
|
|
|
|
|
* the value should be in $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']
|
|
|
|
|
* @param String $keyword The keyword in order to match the record with the identifier attribute
|
|
|
|
|
* @param String $identifier id identifier, this parameter is optional
|
|
|
|
|
* @return mixed if the user has been found or not
|
|
|
|
|
*/
|
|
|
|
|
public function searchUserByUid($keyword, $identifier = "")
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayUserData = array();
|
|
|
|
|
|
|
|
|
|
//Set variables
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
//$rbac->userObj = new RbacUsers();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
|
|
|
|
|
if (is_null($this->ldapcnn)) {
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
//Get User
|
|
|
|
|
$attributeUserSet = array();
|
|
|
|
|
$attributeSetAdd = array();
|
|
|
|
|
|
|
|
|
|
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
|
|
|
|
|
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
|
|
|
|
|
) {
|
|
|
|
|
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
|
|
|
|
|
$attributeSetAdd[] = $value["attributeLdap"];
|
|
|
|
|
$attributeUserSet[$value["attributeUser"]] = $value["attributeLdap"];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
|
|
|
|
|
|
|
|
|
$filter2 = "";
|
|
|
|
|
|
|
|
|
|
if ($identifier != "" && $identifier != $uidUserIdentifier) {
|
|
|
|
|
$filter2 = "($identifier=$keyword)";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$filter = "(&(" . $this->arrayObjectClassFilter["user"] . ")(|($uidUserIdentifier=$keyword)$filter2))";
|
|
|
|
|
|
|
|
|
|
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
//
|
|
|
|
|
} else {
|
|
|
|
|
if ($searchResult) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
if ($numEntries > 0) {
|
2016-04-14 13:15:17 -04:00
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
|
|
|
|
|
|
|
|
|
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : "";
|
|
|
|
|
|
|
|
|
|
if ((is_array($username) && !empty($username)) || trim($username) != "") {
|
|
|
|
|
$userCountControl = "";
|
|
|
|
|
|
|
|
|
|
//Active Directory, OpenLDAP
|
|
|
|
|
if (isset($arrayUserLdap["useraccountcontrol"])) {
|
|
|
|
|
switch ($arrayUserLdap["useraccountcontrol"]) {
|
|
|
|
|
case "512":
|
|
|
|
|
case "544":
|
|
|
|
|
case "66048":
|
|
|
|
|
case "66080":
|
|
|
|
|
$userCountControl = "ACTIVE";
|
|
|
|
|
break;
|
|
|
|
|
case "514":
|
|
|
|
|
case "546":
|
|
|
|
|
case "66050":
|
|
|
|
|
case "66082":
|
|
|
|
|
case "2":
|
|
|
|
|
case "16":
|
|
|
|
|
case "8388608":
|
|
|
|
|
default:
|
|
|
|
|
$userCountControl = "INACTIVE";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Apache LDAP
|
|
|
|
|
if (isset($arrayUserLdap["status"])) {
|
|
|
|
|
$userCountControl = strtoupper($arrayUserLdap["status"]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$aUserAttributes = array();
|
|
|
|
|
|
|
|
|
|
foreach ($attributeUserSet as $key => $value) {
|
|
|
|
|
if ($key == "USR_STATUS") {
|
|
|
|
|
$aUserAttributes[$key] = ($userCountControl != "")? $userCountControl : "ACTIVE";
|
|
|
|
|
} else {
|
|
|
|
|
if (isset($arrayUserLdap[$value])) {
|
|
|
|
|
$aUserAttributes[$key] = $arrayUserLdap[$value];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayUserData = array_merge($this->getUserDataFromAttribute($username, $arrayUserLdap), $aUserAttributes);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayUserData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function automaticRegister($aAuthSource, $strUser, $strPass)
|
|
|
|
|
{
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if ($rbac->userObj == null) {
|
|
|
|
|
$rbac->userObj = new RbacUsers();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($rbac->rolesObj == null) {
|
|
|
|
|
$rbac->rolesObj = new Roles();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$user = $this->searchUserByUid($strUser);
|
|
|
|
|
|
|
|
|
|
$res = 0;
|
|
|
|
|
|
|
|
|
|
if (!empty($user)) {
|
|
|
|
|
if ($this->VerifyLogin( $user['sUsername'], $strPass) === true) {
|
|
|
|
|
$res = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($res == 0 && $this->VerifyLogin( $user['sDN'], $strPass) === true) {
|
|
|
|
|
$res = 1;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return $res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($res == 0) {
|
|
|
|
|
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
$aAttributes = array();
|
|
|
|
|
|
|
|
|
|
if (isset($aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'])) {
|
|
|
|
|
$aAttributes = $aAuthSource['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$aData = array();
|
|
|
|
|
$aData['USR_USERNAME'] = $user['sUsername'];
|
|
|
|
|
$aData["USR_PASSWORD"] = "00000000000000000000000000000000";
|
|
|
|
|
$aData['USR_FIRSTNAME'] = $user['sFirstname'];
|
|
|
|
|
$aData['USR_LASTNAME'] = $user['sLastname'];
|
|
|
|
|
$aData['USR_EMAIL'] = $user['sEmail'];
|
|
|
|
|
$aData['USR_DUE_DATE'] = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));
|
|
|
|
|
$aData['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_BIRTHDAY'] = date('Y-m-d');
|
|
|
|
|
$aData['USR_STATUS'] = (isset($user['USR_STATUS'])) ? (($user['USR_STATUS'] == 'ACTIVE') ? 1 : 0) : 1;
|
|
|
|
|
$aData['USR_AUTH_TYPE'] = strtolower($aAuthSource['AUTH_SOURCE_PROVIDER']);
|
|
|
|
|
$aData['UID_AUTH_SOURCE'] = $aAuthSource['AUTH_SOURCE_UID'];
|
|
|
|
|
$aData['USR_AUTH_USER_DN'] = $user['sDN'];
|
|
|
|
|
$aData['USR_ROLE'] = 'PROCESSMAKER_OPERATOR';
|
|
|
|
|
|
|
|
|
|
if (!empty($aAttributes)) {
|
|
|
|
|
foreach ($aAttributes as $value) {
|
|
|
|
|
if (isset( $user[$value['attributeUser']] )) {
|
|
|
|
|
$aData[$value['attributeUser']] = str_replace( "*", "'", $user[$value['attributeUser']] );
|
|
|
|
|
if ($value['attributeUser'] == 'USR_STATUS') {
|
|
|
|
|
$evalValue = $aData[$value['attributeUser']];
|
|
|
|
|
$statusValue = (isset($user['USR_STATUS'])) ? $user['USR_STATUS'] :'ACTIVE';
|
|
|
|
|
$aData[$value['attributeUser']] = $statusValue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//req - accountexpires
|
|
|
|
|
if (isset($user["USR_DUE_DATE"]) && $user["USR_DUE_DATE"]!='' ) {
|
|
|
|
|
$aData["USR_DUE_DATE"] = $this->convertDateADtoPM($user["USR_DUE_DATE"]);
|
|
|
|
|
}
|
|
|
|
|
//end
|
|
|
|
|
|
|
|
|
|
$sUserUID = $rbac->createUser($aData, 'PROCESSMAKER_OPERATOR');
|
|
|
|
|
$aData['USR_UID'] = $sUserUID;
|
|
|
|
|
|
|
|
|
|
require_once 'classes/model/Users.php';
|
|
|
|
|
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$aData['USR_STATUS'] = (isset($user['USR_STATUS'])) ? $user['USR_STATUS'] : 'ACTIVE';
|
|
|
|
|
$oUser->create($aData);
|
|
|
|
|
$this->log(null, "Automatic Register for user $strUser ");
|
|
|
|
|
$res = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a deparment list
|
|
|
|
|
* @return <type>
|
|
|
|
|
*/
|
|
|
|
|
public function searchDepartments()
|
|
|
|
|
{
|
2016-04-14 13:15:17 -04:00
|
|
|
try {
|
|
|
|
|
$arrayDepartment = [];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Set variables
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if (is_null($this->ldapcnn)) {
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$ldapcnn = $this->ldapcnn;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Get Departments
|
2016-04-22 11:19:13 -04:00
|
|
|
$limit = $this->__getPageSizeLimitByData($arrayAuthenticationSourceData);
|
2016-04-14 13:15:17 -04:00
|
|
|
$flagError = false;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$filter = '(' . $this->arrayObjectClassFilter['department'] . ')';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$this->log($ldapcnn, 'search Departments with Filter: ' . $filter);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$unitsBase = $this->custom_ldap_explode_dn($arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$cookie = '';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
do {
|
|
|
|
|
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'ou']);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
|
|
|
|
$this->log($ldapcnn, 'Error in Search');
|
|
|
|
|
|
|
|
|
|
$flagError = true;
|
|
|
|
|
} else {
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
//The first node is root
|
|
|
|
|
if (empty($arrayDepartment)) {
|
|
|
|
|
$arrayDepartment[] = [
|
|
|
|
|
'dn' => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
|
|
|
|
|
'parent' => '',
|
|
|
|
|
'ou' => 'ROOT',
|
|
|
|
|
'users' => 0
|
|
|
|
|
];
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Get departments from the ldap entries
|
|
|
|
|
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
|
|
|
|
|
$unitsEqual = $this->custom_ldap_explode_dn($arrayEntryData['dn']);
|
|
|
|
|
|
|
|
|
|
if (count($unitsEqual) == 1 && $unitsEqual[0] == '') {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (count($unitsEqual) > count($unitsBase)) {
|
|
|
|
|
unset($unitsEqual[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
|
|
|
|
|
$arrayDepartment[] = [
|
|
|
|
|
'dn' => $arrayEntryData['dn'],
|
|
|
|
|
'parent' => (isset($unitsEqual[1]))? implode(',', $unitsEqual) : '',
|
|
|
|
|
'ou' => trim($arrayEntryData['ou']),
|
|
|
|
|
'users' => 0
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (!$flagError) {
|
|
|
|
|
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
} while (($cookie !== null && $cookie != '') && !$flagError);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$str = '';
|
|
|
|
|
|
|
|
|
|
foreach ($arrayDepartment as $dep) {
|
|
|
|
|
$str .= ' ' . $dep['ou'];
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$this->log($ldapcnn, 'found '. count($arrayDepartment) . ' departments: ' . $str);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Return
|
|
|
|
|
return $arrayDepartment;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the Userlist from a department based on the name
|
|
|
|
|
* @param string $departmentName
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function getUsersFromDepartmentByName($departmentName)
|
|
|
|
|
{
|
|
|
|
|
$dFilter = "(&(" . $this->arrayObjectClassFilter["department"] . ")(ou=" . $departmentName . "))";
|
|
|
|
|
|
|
|
|
|
$aUsers = array();
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
//$rbac->userObj = new RbacUsers();
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
|
|
|
|
|
if (is_null($this->ldapcnn)) {
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($aAuthSource);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
$oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser);
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($oError = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
return $aUsers;
|
|
|
|
|
} else {
|
|
|
|
|
if ($oSearch) {
|
|
|
|
|
//get the departments from the ldap entries
|
2016-04-14 13:15:17 -04:00
|
|
|
if (ldap_count_entries($ldapcnn, $oSearch) > 0) {
|
|
|
|
|
$oEntry = ldap_first_entry($ldapcnn, $oSearch);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
|
|
|
|
|
$aUsers[] = $this->ldapGetUsersFromDepartment("GET", $aAttr["dn"]);
|
2016-04-14 13:15:17 -04:00
|
|
|
} while ($oEntry = ldap_next_entry($ldapcnn, $oEntry));
|
2015-06-09 16:14:01 -04:00
|
|
|
//$this->createDepartments ($aDepts);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $aUsers;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the department exists and returns the PM UID
|
|
|
|
|
* @param <type> $currentDN
|
|
|
|
|
* @return <type>
|
|
|
|
|
*/
|
|
|
|
|
public function getDepUidIfExistsDN ($currentDN)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$oCriteria = new Criteria('workflow');
|
|
|
|
|
$oCriteria->add(DepartmentPeer::DEP_STATUS , 'ACTIVE' );
|
|
|
|
|
$oCriteria->add(DepartmentPeer::DEP_LDAP_DN, $currentDN );
|
|
|
|
|
|
|
|
|
|
$oDataset = DepartmentPeer::doSelectRS($oCriteria);
|
|
|
|
|
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
if ($oDataset->next()) {
|
|
|
|
|
$aRow = $oDataset->getRow();
|
|
|
|
|
|
|
|
|
|
return $aRow["DEP_UID"];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "";
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get number of Users in each Department from the Database
|
|
|
|
|
*
|
|
|
|
|
* return array Return array with the number of Users in each Department from the Database
|
|
|
|
|
*/
|
|
|
|
|
public function departmentsGetNumberOfUsersFromDb()
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayData = array();
|
|
|
|
|
|
|
|
|
|
//Get data
|
|
|
|
|
$criteria = new Criteria("workflow");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::DEP_UID);
|
|
|
|
|
$criteria->addSelectColumn("COUNT(" . UsersPeer::DEP_UID . ") AS NUM_REC");
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::DEP_UID, "", Criteria::NOT_EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::DEP_UID, null, Criteria::ISNOTNULL);
|
|
|
|
|
$criteria->addGroupByColumn(UsersPeer::DEP_UID);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = UsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$arrayData[$row["DEP_UID"]] = $row["NUM_REC"];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function userIsTerminated($userUid, $sOuTerminated)
|
|
|
|
|
{
|
|
|
|
|
$terminated = false;
|
|
|
|
|
$aLdapUsers = $this->getUsersFromDepartmentByName($sOuTerminated);
|
|
|
|
|
|
|
|
|
|
foreach ($aLdapUsers as $aLdapUser) {
|
|
|
|
|
if ($aLdapUser['sUsername'] == $userUid) {
|
|
|
|
|
$terminated = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $terminated;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* activate an user previously deactivated
|
|
|
|
|
if user is now in another department, we need the second parameter, the depUid
|
|
|
|
|
|
|
|
|
|
@param string $userUid
|
|
|
|
|
@param string optional department DN
|
|
|
|
|
@param string optional DepUid
|
|
|
|
|
*/
|
|
|
|
|
public function activateUser($userUid, $userDn = null, $depUid = null)
|
|
|
|
|
{
|
|
|
|
|
if (!class_exists('RbacUsers')) {
|
|
|
|
|
require_once(PATH_RBAC.'model/RbacUsers.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('rbac');
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_UID, $userUid);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('rbac');
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_STATUS, '1');
|
|
|
|
|
|
|
|
|
|
if ($userDn != null) {
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_AUTH_SUPERVISOR_DN, '');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
|
|
|
|
|
if (!class_exists('Users')) {
|
|
|
|
|
require_once('classes/model/Users.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection(UsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('workflow');
|
|
|
|
|
$c1->add(UsersPeer::USR_UID, $userUid);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('workflow');
|
|
|
|
|
$c2->add(UsersPeer::USR_STATUS, 'ACTIVE');
|
|
|
|
|
|
|
|
|
|
if ($depUid != null) {
|
|
|
|
|
$c2->add(UsersPeer::DEP_UID, $depUid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function deactivateUser ($userUid)
|
|
|
|
|
{
|
|
|
|
|
if (!class_exists('RbacUsers')) {
|
|
|
|
|
require_once(PATH_RBAC.'model/RbacUsers.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('rbac');
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_USERNAME, $userUid);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('rbac');
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_STATUS, '0');
|
|
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
|
|
|
|
|
if (!class_exists('Users')) {
|
|
|
|
|
require_once('classes/model/Users.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection(UsersPeer::DATABASE_NAME);
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('workflow');
|
|
|
|
|
$c1->add(UsersPeer::USR_USERNAME, $userUid);
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('workflow');
|
|
|
|
|
$c2->add(UsersPeer::USR_STATUS, 'INACTIVE');
|
|
|
|
|
$c2->add(UsersPeer::DEP_UID, '');
|
|
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getTerminatedOu()
|
|
|
|
|
{
|
|
|
|
|
if (trim($this->sAuthSource)!='') {
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
|
|
|
|
|
$attributes = $aAuthSource['AUTH_SOURCE_DATA'];
|
|
|
|
|
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU'])?$attributes['AUTH_SOURCE_RETIRED_OU']:'';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->sTerminatedOu;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
get all authsource for this plugin ( ldapAdvanced plugin, because other authsources are not needed )
|
|
|
|
|
this function is used only by cron
|
|
|
|
|
returns only AUTH_SOURCE_PROVIDER = ldapAdvanced
|
|
|
|
|
|
|
|
|
|
@return array with authsources with type = ldap
|
|
|
|
|
*/
|
|
|
|
|
public function getAuthSources()
|
|
|
|
|
{
|
|
|
|
|
require_once(PATH_RBAC.'model/AuthenticationSource.php');
|
|
|
|
|
|
|
|
|
|
$oCriteria = new Criteria('rbac');
|
|
|
|
|
$aAuthSources = array();
|
|
|
|
|
|
|
|
|
|
$oAuthSource = new AuthenticationSource();
|
|
|
|
|
$oCriteria = $oAuthSource->getAllAuthSources();
|
|
|
|
|
$oDataset = AuthenticationSourcePeer::doSelectRS($oCriteria);
|
|
|
|
|
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($oDataset->next()) {
|
|
|
|
|
$aRow = $oDataset->getRow();
|
|
|
|
|
|
|
|
|
|
if ($aRow['AUTH_SOURCE_PROVIDER'] == 'ldapAdvanced') {
|
|
|
|
|
$aRow["AUTH_SOURCE_DATA"] = ($aRow["AUTH_SOURCE_DATA"] != "")? unserialize($aRow["AUTH_SOURCE_DATA"]) : array();
|
|
|
|
|
|
|
|
|
|
$aAuthSources[] = $aRow;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $aAuthSources;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
function to get departments from the array previously obtained from LDAP
|
|
|
|
|
we are calling registered departments
|
|
|
|
|
it is a recursive function, in the first call with an array with first top level departments from PM
|
|
|
|
|
then go thru all departments and obtain a list of departments already created in PM and pass that array
|
|
|
|
|
to next function to synchronize All users for each department
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param array departments obtained from LDAP/Active Directory
|
|
|
|
|
@param array of departments, first call have only top level departments
|
|
|
|
|
*/
|
|
|
|
|
public function getRegisteredDepartments(array $arrayLdapDepartment, array $arrayDbDepartment)
|
|
|
|
|
{
|
|
|
|
|
$aResult = array();
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayLdapDepartment)) {
|
|
|
|
|
$arrayLdapDepartment[0]["ou"] = $arrayLdapDepartment[0]["ou"] . " " . $arrayLdapDepartment[0]["dn"]; //Discard ROOT
|
|
|
|
|
|
|
|
|
|
foreach ($arrayLdapDepartment as $ldapDept) {
|
|
|
|
|
//$flagExists = false;
|
|
|
|
|
//
|
|
|
|
|
//foreach ($aResult as $value2) {
|
|
|
|
|
// $arrayDepartmentData = $value2;
|
|
|
|
|
//
|
|
|
|
|
// if ($arrayDepartmentData["DEP_LDAP_DN"] == $ldapDept["dn"]) {
|
|
|
|
|
// $flagExists = true;
|
|
|
|
|
// break;
|
|
|
|
|
// }
|
|
|
|
|
//}
|
|
|
|
|
//
|
|
|
|
|
//if ($flagExists) {
|
|
|
|
|
// continue;
|
|
|
|
|
//}
|
|
|
|
|
|
|
|
|
|
foreach ($arrayDbDepartment as $department) {
|
|
|
|
|
if ($department["DEP_TITLE"] == $ldapDept["ou"] && $department["DEP_LDAP_DN"] == $ldapDept["dn"]) {
|
|
|
|
|
$aResult[] = $department;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
//if ($department["HAS_CHILDREN"] != 0) {
|
|
|
|
|
// $aTempDepartments = $this->getDepartments($department["DEP_UID"]);
|
|
|
|
|
// $aTempRegistered = $this->getRegisteredDepartments($arrayLdapDepartment, $aTempDepartments);
|
|
|
|
|
// $aResult = array_merge($aResult, $aTempRegistered);
|
|
|
|
|
//}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $aResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
select departments but it is not recursive, only returns departments in this level
|
|
|
|
|
@param string $DepParent the DEP_UID for parent department
|
|
|
|
|
*/
|
|
|
|
|
public function getDepartments($DepParent)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$result = array();
|
|
|
|
|
$criteria = new Criteria('workflow');
|
|
|
|
|
|
|
|
|
|
if (!empty($DepParent)) {
|
|
|
|
|
$criteria->add(DepartmentPeer::DEP_PARENT, $DepParent);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection(DepartmentPeer::DATABASE_NAME);
|
|
|
|
|
$objects = DepartmentPeer::doSelect($criteria, $con);
|
|
|
|
|
|
|
|
|
|
foreach ($objects as $oDepartment) {
|
|
|
|
|
$node = array();
|
|
|
|
|
$node['DEP_UID'] = $oDepartment->getDepUid();
|
|
|
|
|
$node['DEP_PARENT'] = $oDepartment->getDepParent();
|
|
|
|
|
$node['DEP_TITLE'] = stripslashes($oDepartment->getDepTitle());
|
|
|
|
|
$node['DEP_STATUS'] = $oDepartment->getDepStatus();
|
|
|
|
|
$node['DEP_MANAGER'] = $oDepartment->getDepManager();
|
|
|
|
|
$node['DEP_LDAP_DN'] = $oDepartment->getDepLdapDn();
|
|
|
|
|
$node['DEP_LAST'] = 0;
|
|
|
|
|
|
|
|
|
|
$criteriaCount = new Criteria('workflow');
|
|
|
|
|
$criteriaCount->clearSelectColumns();
|
|
|
|
|
$criteriaCount->addSelectColumn( 'COUNT(*)' );
|
|
|
|
|
$criteriaCount->add(DepartmentPeer::DEP_PARENT, $oDepartment->getDepUid(), Criteria::EQUAL);
|
|
|
|
|
$rs = DepartmentPeer::doSelectRS($criteriaCount);
|
|
|
|
|
$rs->next();
|
|
|
|
|
$row = $rs->getRow();
|
|
|
|
|
$node['HAS_CHILDREN'] = $row[0];
|
|
|
|
|
$result[] = $node;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( count($result) >= 1 ) {
|
|
|
|
|
$result[ count($result) -1 ]['DEP_LAST'] = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
} catch (exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
function to get users from USERS table in wf_workflow and filter by department
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param string department UID ( DEP_UID value )
|
|
|
|
|
@return array of users
|
|
|
|
|
*/
|
|
|
|
|
public function getUserFromPM($username)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$criteria = new Criteria("workflow");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_UID);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::USR_USERNAME);
|
|
|
|
|
$criteria->addSelectColumn(UsersPeer::DEP_UID);
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::USR_USERNAME, $username, Criteria::EQUAL);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = UsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
if ($rsCriteria->next()) {
|
|
|
|
|
return $rsCriteria->getRow();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array();
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
get all user (UID, USERNAME) moved to Removed OU
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param array authSource row, in this fuction we are validating if Removed OU is defined or not
|
|
|
|
|
@return array of users
|
|
|
|
|
*/
|
|
|
|
|
public function getUsersFromRemovedOu($aAuthSource)
|
|
|
|
|
{
|
|
|
|
|
$aUsers = array(); //empty array is the default result
|
|
|
|
|
$attributes = $aAuthSource["AUTH_SOURCE_DATA"];
|
|
|
|
|
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU'])? trim($attributes['AUTH_SOURCE_RETIRED_OU']) : '';
|
|
|
|
|
|
|
|
|
|
if ($this->sTerminatedOu == '' ) {
|
|
|
|
|
return $aUsers;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->getUsersFromDepartmentByName( $this->sTerminatedOu );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
set STATUS=0 for all users in the array $aUsers
|
|
|
|
|
this functin is used to deactivate an array of users ( usually used for Removed OU )
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param array authSource row, in this fuction we are validating if Removed OU is defined or not
|
|
|
|
|
@return array of users
|
|
|
|
|
*/
|
|
|
|
|
public function deactiveArrayOfUsers($aUsers)
|
|
|
|
|
{
|
|
|
|
|
if (!class_exists('RbacUsers')) {
|
|
|
|
|
require_once(PATH_RBAC.'model/RbacUsers.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!class_exists('Users')) {
|
|
|
|
|
require_once('classes/model/Users.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$aUsrUid = array();
|
|
|
|
|
|
|
|
|
|
foreach ($aUsers as $key => $val) {
|
|
|
|
|
$aUsrUid[] = $val['sUsername'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection('rbac');
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('rbac');
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_USERNAME, $aUsrUid, Criteria::IN );
|
|
|
|
|
$c1->add(RbacUsersPeer::USR_STATUS, 1 );
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('rbac');
|
|
|
|
|
$c2->add(RbacUsersPeer::USR_STATUS, '0');
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
|
|
|
|
|
$con = Propel::getConnection('workflow');
|
|
|
|
|
// select set
|
|
|
|
|
$c1 = new Criteria('workflow');
|
|
|
|
|
$c1->add(UsersPeer::USR_USERNAME, $aUsrUid, Criteria::IN );
|
|
|
|
|
// update set
|
|
|
|
|
$c2 = new Criteria('workflow');
|
|
|
|
|
$c2->add(UsersPeer::USR_STATUS, 'INACTIVE');
|
|
|
|
|
$c2->add(UsersPeer::DEP_UID, '');
|
|
|
|
|
|
|
|
|
|
BasePeer::doUpdate($c1, $c2, $con);
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
creates an users using the data send in the array $aUsers
|
|
|
|
|
and then add the user to specific department
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param array $aUser info taken from ldap
|
|
|
|
|
@param string $depUid the department UID
|
|
|
|
|
@return boolean
|
|
|
|
|
*/
|
|
|
|
|
public function createUserAndActivate($aUser, $depUid)
|
|
|
|
|
{
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if ($rbac->userObj == null) {
|
|
|
|
|
$rbac->userObj = new RbacUsers();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($rbac->rolesObj == null) {
|
|
|
|
|
$rbac->rolesObj = new Roles();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($rbac->usersRolesObj == null) {
|
|
|
|
|
$rbac->usersRolesObj = new UsersRoles();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sUsername = $aUser['sUsername'];
|
|
|
|
|
$sFullname = $aUser['sFullname'];
|
|
|
|
|
$sFirstname = $aUser['sFirstname'];
|
|
|
|
|
$sLastname = $aUser['sLastname'];
|
|
|
|
|
$sEmail = $aUser['sEmail'];
|
|
|
|
|
$sDn = $aUser['sDN'];
|
|
|
|
|
|
|
|
|
|
$aData = array();
|
|
|
|
|
$aData['USR_USERNAME'] = $sUsername;
|
|
|
|
|
$aData["USR_PASSWORD"] = "00000000000000000000000000000000";
|
|
|
|
|
$aData['USR_FIRSTNAME'] = $sFirstname;
|
|
|
|
|
$aData['USR_LASTNAME'] = $sLastname;
|
|
|
|
|
$aData['USR_EMAIL'] = $sEmail;
|
|
|
|
|
$aData['USR_DUE_DATE'] = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));
|
|
|
|
|
$aData['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
$aData['USR_BIRTHDAY'] = date('Y-m-d');
|
|
|
|
|
$aData['USR_STATUS'] = 1;
|
|
|
|
|
$aData['USR_AUTH_TYPE'] = 'ldapadvanced';
|
|
|
|
|
$aData['UID_AUTH_SOURCE'] = $this->sAuthSource;
|
|
|
|
|
$aData['USR_AUTH_USER_DN'] = $sDn;
|
|
|
|
|
|
|
|
|
|
$sUserUID = $rbac->createUser($aData, "PROCESSMAKER_OPERATOR");
|
|
|
|
|
|
|
|
|
|
$aData['USR_STATUS'] = 'ACTIVE';
|
|
|
|
|
$aData['USR_UID'] = $sUserUID;
|
|
|
|
|
$aData['DEP_UID'] = $depUid;
|
|
|
|
|
$aData['USR_ROLE'] = 'PROCESSMAKER_OPERATOR';
|
|
|
|
|
|
|
|
|
|
require_once 'classes/model/Users.php';
|
|
|
|
|
|
|
|
|
|
$oUser = new Users();
|
|
|
|
|
$oUser->create($aData);
|
|
|
|
|
|
|
|
|
|
return $sUserUID;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function synchronizeManagers($managersHierarchy)
|
|
|
|
|
{
|
|
|
|
|
require_once 'classes/model/RbacUsers.php';
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
foreach ($managersHierarchy as $managerDN => $subordinates) {
|
|
|
|
|
$criteria = new Criteria('rbac');
|
|
|
|
|
$criteria->addSelectColumn('*');
|
|
|
|
|
$criteria->add(RbacUsersPeer::USR_AUTH_USER_DN, $managerDN);
|
|
|
|
|
$dataset = RbacUsersPeer::doSelectRS($criteria);
|
|
|
|
|
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
if ($dataset->next()) {
|
|
|
|
|
$row = $dataset->getRow();
|
|
|
|
|
$criteriaSet = new Criteria('workflow');
|
|
|
|
|
$criteriaSet->add(UsersPeer::USR_REPORTS_TO, $row['USR_UID']);
|
|
|
|
|
$criteriaWhere = new Criteria('workflow');
|
|
|
|
|
$criteriaWhere->add(UsersPeer::USR_UID, $subordinates, Criteria::IN);
|
|
|
|
|
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} catch (Exception $error) {
|
|
|
|
|
$this->log($this->ldapcnn, $error->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function clearManager($usersUIDs)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$criteriaSet = new Criteria('workflow');
|
|
|
|
|
$criteriaSet->add(UsersPeer::USR_REPORTS_TO, '');
|
|
|
|
|
$criteriaWhere = new Criteria('workflow');
|
|
|
|
|
$criteriaWhere->add(UsersPeer::USR_UID, $usersUIDs, Criteria::IN);
|
|
|
|
|
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
|
|
|
|
|
} catch (Exception $error) {
|
|
|
|
|
$this->log($this->ldapcnn, $error->getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a group list
|
|
|
|
|
* @return <type>
|
|
|
|
|
*/
|
|
|
|
|
public function searchGroups()
|
|
|
|
|
{
|
2016-04-14 13:15:17 -04:00
|
|
|
try {
|
|
|
|
|
$arrayGroup = [];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Set variables
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if (is_null($this->ldapcnn)) {
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$ldapcnn = $this->ldapcnn;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Get Groups
|
2016-04-22 11:19:13 -04:00
|
|
|
$limit = $this->__getPageSizeLimitByData($arrayAuthenticationSourceData);
|
2016-04-14 13:15:17 -04:00
|
|
|
$flagError = false;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$filter = '(' . $this->arrayObjectClassFilter['group'] . ')';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$this->log($ldapcnn, 'search groups with Filter: ' . $filter);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$cookie = '';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
do {
|
|
|
|
|
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'cn']);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
|
|
|
|
$this->log($ldapcnn, 'Error in Search');
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$flagError = true;
|
|
|
|
|
} else {
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
//Get groups from the ldap entries
|
|
|
|
|
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
|
|
|
|
|
|
|
|
|
|
if ($countEntries > 0) {
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
|
|
|
|
|
|
|
|
|
|
if (isset($arrayEntryData['cn']) && !is_array($arrayEntryData['cn'])) {
|
|
|
|
|
$arrayGroup[] = [
|
|
|
|
|
'dn' => $arrayEntryData['dn'],
|
|
|
|
|
'cn' => trim($arrayEntryData['cn']),
|
|
|
|
|
'users' => 0,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (!$flagError) {
|
|
|
|
|
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
} while (($cookie !== null && $cookie != '') && !$flagError);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$str = '';
|
|
|
|
|
|
|
|
|
|
foreach ($arrayGroup as $group) {
|
|
|
|
|
$str .= ' ' . $group['cn'];
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
$this->log($ldapcnn, 'found '. count($arrayGroup) . ' groups: ' . $str);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
//Return
|
|
|
|
|
return $arrayGroup;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if the group exists and returns the PM UID
|
|
|
|
|
* @param <type> $currentDN
|
|
|
|
|
* @return <type>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
public function getGrpUidIfExistsDN($currentDN)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$criteria = new Criteria('workflow');
|
|
|
|
|
$criteria->add(GroupwfPeer::GRP_STATUS , 'ACTIVE');
|
|
|
|
|
$criteria->add(GroupwfPeer::GRP_LDAP_DN, $currentDN);
|
|
|
|
|
$dataset = GroupwfPeer::doSelectRS($criteria);
|
|
|
|
|
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
if ($dataset->next()) {
|
|
|
|
|
$row = $dataset->getRow();
|
|
|
|
|
|
|
|
|
|
return $row['GRP_UID'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "";
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get number of Users in each Group from the Database
|
|
|
|
|
*
|
|
|
|
|
* return array Return array with the number of Users in each Group from the Database
|
|
|
|
|
*/
|
|
|
|
|
public function groupsGetNumberOfUsersFromDb()
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$arrayData = array();
|
|
|
|
|
|
|
|
|
|
//Get data
|
|
|
|
|
$criteria = new Criteria("workflow");
|
|
|
|
|
|
|
|
|
|
$criteria->addSelectColumn(GroupUserPeer::GRP_UID);
|
|
|
|
|
$criteria->addSelectColumn("COUNT(" . GroupUserPeer::GRP_UID . ") AS NUM_REC");
|
|
|
|
|
$criteria->addJoin(GroupUserPeer::USR_UID, UsersPeer::USR_UID, Criteria::LEFT_JOIN);
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
|
|
|
|
|
$criteria->addGroupByColumn(GroupUserPeer::GRP_UID);
|
|
|
|
|
|
|
|
|
|
$rsCriteria = GroupUserPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
|
|
|
|
|
|
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
|
|
|
|
|
|
|
|
|
$arrayData[$row["GRP_UID"]] = $row["NUM_REC"];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
select groups but it is not recursive, only returns groups in this level
|
|
|
|
|
*/
|
|
|
|
|
public function getGroups()
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$result = array();
|
|
|
|
|
$criteria = new Criteria('workflow');
|
|
|
|
|
$con = Propel::getConnection(GroupwfPeer::DATABASE_NAME);
|
|
|
|
|
$objects = GroupwfPeer::doSelect($criteria, $con);
|
|
|
|
|
|
|
|
|
|
foreach ($objects as $oGroup) {
|
|
|
|
|
$node = array();
|
|
|
|
|
$node['GRP_UID'] = $oGroup->getGrpUid();
|
|
|
|
|
$node['GRP_TITLE'] = stripslashes($oGroup->getGrpTitle());
|
|
|
|
|
$node['GRP_STATUS'] = $oGroup->getGrpStatus();
|
|
|
|
|
$node['GRP_LDAP_DN'] = $oGroup->getGrpLdapDn();
|
|
|
|
|
$result[] = $node;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
} catch (exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
function to get groups from the array previously obtained from LDAP
|
|
|
|
|
we are calling registered groups
|
|
|
|
|
it is a recursive function, in the first call with an array with first top level groups from PM
|
|
|
|
|
then go thru all groups and obtain a list of groups already created in PM and pass that array
|
|
|
|
|
to next function to synchronize All users for each group
|
|
|
|
|
this function is used in cron only
|
|
|
|
|
|
|
|
|
|
@param array groups obtained from LDAP/Active Directory
|
|
|
|
|
@param array of groups, first call have only top level groups
|
|
|
|
|
*/
|
|
|
|
|
public function getRegisteredGroups(array $arrayLdapGroup, array $arrayDbGroup)
|
|
|
|
|
{
|
|
|
|
|
$aResult = array();
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayLdapGroup)) {
|
|
|
|
|
foreach ($arrayLdapGroup as $ldapGroup) {
|
|
|
|
|
foreach ($arrayDbGroup as $group) {
|
|
|
|
|
if ($group["GRP_TITLE"] == $ldapGroup["cn"] && $group["GRP_LDAP_DN"] == $ldapGroup["dn"]) {
|
|
|
|
|
$aResult[] = $group;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $aResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Convert 18-digit LDAP timestamps to format PM
|
|
|
|
|
*
|
|
|
|
|
* @author Ronald Escobar <ronald@colosa.com>
|
|
|
|
|
* @param Date | $dateAD | Date of AD ('Windows NT time format' and 'Win32 FILETIME or SYSTEMTIME')
|
|
|
|
|
* @param Date | $datePM | Date of PM
|
|
|
|
|
*/
|
|
|
|
|
public function convertDateADtoPM($dateAD)
|
|
|
|
|
{
|
|
|
|
|
$unixTimestamp = ($dateAD / 10000000) - 11644560000;
|
|
|
|
|
$datePM = date('Y-m-d', mktime(0, 0, 0, date('m'), '01', date('Y') + 2));//(date('Y') + 10)."-12-01";
|
|
|
|
|
if ($unixTimestamp >0) {
|
|
|
|
|
$dateAux = date("Y-m-d", $unixTimestamp);
|
|
|
|
|
$yearAux = date("Y", $unixTimestamp);
|
|
|
|
|
if (strlen(trim($yearAux)) <= 4) {
|
|
|
|
|
$datePM = $dateAux;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $datePM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function custom_ldap_explode_dn($dn)
|
|
|
|
|
{
|
|
|
|
|
$dn = trim($dn, ',');
|
|
|
|
|
$result = ldap_explode_dn($dn, 0);
|
|
|
|
|
|
|
|
|
|
if (is_array($result)) {
|
|
|
|
|
unset($result['count']);
|
|
|
|
|
|
|
|
|
|
foreach ($result as $key => $value) {
|
|
|
|
|
$result[$key] = addcslashes(preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $value), '<>,"');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Synchronize User for this Department
|
|
|
|
|
*
|
|
|
|
|
* @param string $departmentUid UID of Department
|
|
|
|
|
* @param array $arrayUserLdap User LDAP data
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return array Return data
|
|
|
|
|
*/
|
|
|
|
|
public function departmentSynchronizeUser($departmentUid, array $arrayUserLdap, array $arrayData)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function departmentSynchronizeUser() > START");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function departmentSynchronizeUser() > \$arrayUserLdap[sUsername] ----> " . $arrayUserLdap["sUsername"]);
|
|
|
|
|
|
|
|
|
|
$userUid = "";
|
|
|
|
|
$found = false;
|
|
|
|
|
|
|
|
|
|
$arrayUserData = $this->departmentGetUserDataIfUsernameExists($arrayUserLdap["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User already exists in this department and there is nothing to do
|
|
|
|
|
//User already exists
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
$found = true;
|
|
|
|
|
|
|
|
|
|
$arrayData["already"]++;
|
|
|
|
|
$arrayData["alreadyUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$found) {
|
|
|
|
|
//If user DO NOT exists in this department.. do:
|
|
|
|
|
//If exists with another AuthSource -> impossible
|
|
|
|
|
//If exists in another department, but in PM and for this authsource, we need to move it
|
|
|
|
|
|
|
|
|
|
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
|
|
|
|
|
$arrayNewUserData = $arrayUserLdap;
|
|
|
|
|
|
|
|
|
|
$arrayAux = $this->custom_ldap_explode_dn($arrayNewUserData["sDN"]);
|
|
|
|
|
array_shift($arrayAux);
|
|
|
|
|
|
|
|
|
|
$departmentUid = $this->getDepUidIfExistsDN(implode(",", $arrayAux)); //Check if exists the Department DN in DB
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function departmentSynchronizeUser() > \$departmentUid ----> $departmentUid");
|
|
|
|
|
|
|
|
|
|
if ($departmentUid != "") {
|
|
|
|
|
$arrayUserData = $this->authenticationSourceGetUserDataIfUsernameExists($arrayNewUserData["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User exists in this Authentication Source
|
|
|
|
|
//Move User
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
|
|
|
|
|
$this->activateUser($arrayUserData["USR_UID"], $arrayNewUserData["sDN"], $departmentUid);
|
|
|
|
|
|
|
|
|
|
$arrayData["moved"]++;
|
|
|
|
|
$arrayData["movedUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
|
|
|
|
|
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Update User
|
|
|
|
|
} else {
|
|
|
|
|
$arrayUserData = $this->getUserFromPM($arrayNewUserData["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User exists in another Authentication Source and another Department
|
|
|
|
|
//Impossible
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
|
|
|
|
|
$arrayData["impossible"]++;
|
|
|
|
|
$arrayData["impossibleUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
} else {
|
|
|
|
|
//User not exists
|
|
|
|
|
//Create User
|
|
|
|
|
$userUid = $this->createUserAndActivate($arrayNewUserData, $departmentUid);
|
|
|
|
|
|
|
|
|
|
$arrayData["created"]++;
|
|
|
|
|
$arrayData["createdUsers"] .= $arrayNewUserData["sUsername"] . " ";
|
|
|
|
|
|
|
|
|
|
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Add User
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($userUid != "") {
|
|
|
|
|
$arrayData["arrayUserUid"][] = $userUid;
|
|
|
|
|
|
|
|
|
|
if (isset($arrayUserLdap["sManagerDN"]) && $arrayUserLdap["sManagerDN"] != "") {
|
|
|
|
|
if (!isset($arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]])) {
|
|
|
|
|
$arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]] = array();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]][$userUid] = $userUid;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function departmentSynchronizeUser() > \$userUid ----> $userUid");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function departmentSynchronizeUser() > END");
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Synchronize User for this Group
|
|
|
|
|
*
|
|
|
|
|
* @param string $groupUid UID of Group
|
|
|
|
|
* @param array $arrayUserLdap User LDAP data
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* return array Return data
|
|
|
|
|
*/
|
|
|
|
|
public function groupSynchronizeUser($groupUid, array $arrayUserLdap, array $arrayData)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function groupSynchronizeUser() > START");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function groupSynchronizeUser() > \$arrayUserLdap[sUsername] ----> " . $arrayUserLdap["sUsername"]);
|
|
|
|
|
|
|
|
|
|
$group = new Groups();
|
|
|
|
|
|
|
|
|
|
$userUid = "";
|
|
|
|
|
$found = false;
|
|
|
|
|
|
|
|
|
|
$arrayUserData = $this->groupGetUserDataIfUsernameExists($arrayUserLdap["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User already exists in this group and there is nothing to do
|
|
|
|
|
//User already exists
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
$found = true;
|
|
|
|
|
|
|
|
|
|
$arrayData["already"]++;
|
|
|
|
|
$arrayData["alreadyUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$found) {
|
|
|
|
|
//If user DO NOT exists in this group.. do:
|
|
|
|
|
//If exists with another AuthSource -> impossible
|
|
|
|
|
//If exists in another group, but in PM and for this authsource, we need to move it
|
|
|
|
|
|
|
|
|
|
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
|
|
|
|
|
$arrayNewUserData = $arrayUserLdap;
|
|
|
|
|
|
|
|
|
|
$arrayUserData = $this->authenticationSourceGetUserDataIfUsernameExists($arrayNewUserData["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User exists in this Authentication Source
|
|
|
|
|
//Move User
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
|
|
|
|
|
$this->activateUser($arrayUserData["USR_UID"], $arrayNewUserData["sDN"]);
|
|
|
|
|
|
|
|
|
|
$group->addUserToGroup($groupUid, $userUid);
|
|
|
|
|
|
|
|
|
|
$arrayData["moved"]++;
|
|
|
|
|
$arrayData["movedUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
|
|
|
|
|
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Update User
|
|
|
|
|
} else {
|
|
|
|
|
$arrayUserData = $this->getUserFromPM($arrayNewUserData["sUsername"]);
|
|
|
|
|
|
|
|
|
|
if (!empty($arrayUserData)) {
|
|
|
|
|
//User exists in another Authentication Source and another Group
|
|
|
|
|
//Impossible
|
|
|
|
|
$userUid = $arrayUserData["USR_UID"];
|
|
|
|
|
|
|
|
|
|
$arrayData["impossible"]++;
|
|
|
|
|
$arrayData["impossibleUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
|
|
|
|
|
} else {
|
|
|
|
|
//User not exists
|
|
|
|
|
//Create User
|
|
|
|
|
$userUid = $this->createUserAndActivate($arrayNewUserData, "");
|
|
|
|
|
|
|
|
|
|
$group->addUserToGroup($groupUid, $userUid);
|
|
|
|
|
|
|
|
|
|
$arrayData["created"]++;
|
|
|
|
|
$arrayData["createdUsers"] .= $arrayNewUserData["sUsername"] . " ";
|
|
|
|
|
|
|
|
|
|
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Add User
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($userUid != "") {
|
|
|
|
|
$arrayData["arrayUserUid"][] = $userUid;
|
|
|
|
|
|
|
|
|
|
if (isset($arrayUserLdap["sManagerDN"]) && $arrayUserLdap["sManagerDN"] != "") {
|
|
|
|
|
if (!isset($arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]])) {
|
|
|
|
|
$arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]] = array();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayData["managersHierarchy"][$arrayUserLdap["sManagerDN"]][$userUid] = $userUid;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function groupSynchronizeUser() > \$userUid ----> $userUid");
|
|
|
|
|
$this->debugLog("class.ldapAdvanced.php > function groupSynchronizeUser() > END");
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $arrayData;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-04-22 11:19:13 -04:00
|
|
|
* Update User data based on the LDAP Server
|
2015-06-09 16:14:01 -04:00
|
|
|
*
|
2016-04-22 11:19:13 -04:00
|
|
|
* @param resource $ldapcnn LDAP link identifier
|
|
|
|
|
* @param array $arrayAuthSourceData Authentication Source Data
|
|
|
|
|
* @param string $userDn User DN
|
|
|
|
|
* @param array $arrayUser Users
|
2015-06-09 16:14:01 -04:00
|
|
|
*
|
2016-04-22 11:19:13 -04:00
|
|
|
* @return bool
|
2015-06-09 16:14:01 -04:00
|
|
|
*/
|
2016-04-22 11:19:13 -04:00
|
|
|
private function __ldapUserUpdateByDnAndData($ldapcnn, array $arrayAuthSourceData, $userDn, array $arrayUser)
|
2015-06-09 16:14:01 -04:00
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
//Set variables
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->userObj)) {
|
|
|
|
|
$rbac->userObj = new RbacUsers();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Set variables
|
2016-04-22 11:19:13 -04:00
|
|
|
$flagUser = false;
|
|
|
|
|
|
|
|
|
|
$arrayAttributesToSync = [
|
|
|
|
|
//Default attributes to sync
|
|
|
|
|
'USR_FIRSTNAME' => 'givenname',
|
|
|
|
|
'USR_LASTNAME' => 'sn',
|
|
|
|
|
'USR_EMAIL' => 'mail',
|
|
|
|
|
'USR_STATUS' => 'useraccountcontrol'
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
if (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE']) &&
|
|
|
|
|
!empty($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'])
|
2015-06-09 16:14:01 -04:00
|
|
|
) {
|
2016-04-22 11:19:13 -04:00
|
|
|
foreach ($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'] as $value) {
|
|
|
|
|
$arrayAttributesToSync[$value['attributeUser']] = $value['attributeLdap'];
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Search User from LDAP Server
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']))?
|
|
|
|
|
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$arrayAttribute = array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync));
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$searchResult = @ldap_search($ldapcnn, $userDn, '(objectclass=*)', $arrayAttribute);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
2015-06-09 16:14:01 -04:00
|
|
|
//
|
|
|
|
|
} else {
|
2016-04-22 11:19:13 -04:00
|
|
|
if ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : '';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if ((is_array($username) && !empty($username)) || trim($username) != '') {
|
|
|
|
|
$username = trim((is_array($username))? $username[0] : $username);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (isset($arrayUser[$username])) {
|
|
|
|
|
if (!isset($this->arrayUserUpdateChecked[$username])) {
|
|
|
|
|
$this->arrayUserUpdateChecked[$username] = 1;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$arrayUserDataUpdate = [];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
foreach ($arrayAttributesToSync as $key => $value) {
|
|
|
|
|
$fieldName = $key;
|
|
|
|
|
$attributeName = strtolower($value);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (isset($arrayUserLdap[$attributeName])) {
|
|
|
|
|
$ldapAttributeValue = trim((is_array($arrayUserLdap[$attributeName]))? $arrayUserLdap[$attributeName][0] : $arrayUserLdap[$attributeName]);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
switch ($fieldName) {
|
|
|
|
|
case 'USR_STATUS':
|
|
|
|
|
if ($attributeName == 'useraccountcontrol') {
|
2016-10-07 08:00:44 -04:00
|
|
|
$ldapAttributeValue = (preg_match('/^(?:' . '512|544|66048|66080' . ')$/', $ldapAttributeValue))? (($arrayUser[$username][$fieldName] == 'VACATION')? 'VACATION' : 'ACTIVE') : 'INACTIVE';
|
2016-04-22 11:19:13 -04:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'USR_DUE_DATE':
|
|
|
|
|
if ($attributeName == 'accountexpires') {
|
|
|
|
|
$ldapAttributeValue = $this->convertDateADtoPM($ldapAttributeValue);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if ($ldapAttributeValue != $arrayUser[$username][$fieldName]) {
|
|
|
|
|
$arrayUserDataUpdate[$fieldName] = $ldapAttributeValue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if (!empty($arrayUserDataUpdate)) {
|
|
|
|
|
$arrayUserDataUpdate['USR_UID'] = $arrayUser[$username]['USR_UID'];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Update User data
|
|
|
|
|
$rbac->updateUser($arrayUserDataUpdate);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$user = new Users();
|
|
|
|
|
$result = $user->update($arrayUserDataUpdate);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->log(
|
|
|
|
|
$ldapcnn,
|
|
|
|
|
'User is repeated: Username "' . $username .'", DN "' . $arrayUserLdap['dn'] . '"'
|
|
|
|
|
);
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$flagUser = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Return
|
|
|
|
|
return $flagUser;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Update Users data based on the LDAP Server
|
|
|
|
|
*
|
|
|
|
|
* @param resource $ldapcnn LDAP link identifier
|
|
|
|
|
* @param array $arrayAuthSourceData Authentication Source Data
|
|
|
|
|
* @param string $filterUsers Filter
|
|
|
|
|
* @param array $arrayUserUid UID of Users
|
|
|
|
|
* @param array $arrayData Data
|
|
|
|
|
*
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
private function __ldapUsersUpdateData(
|
|
|
|
|
$ldapcnn,
|
|
|
|
|
array $arrayAuthSourceData,
|
|
|
|
|
$filterUsers,
|
|
|
|
|
array $arrayUserUid,
|
|
|
|
|
array $arrayData
|
|
|
|
|
) {
|
|
|
|
|
try {
|
|
|
|
|
$totalUser = $arrayData['totalUser'];
|
|
|
|
|
$countUser = $arrayData['countUser'];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Search Users
|
|
|
|
|
$filter = '(&(' . $this->arrayObjectClassFilter['user'] . ')(|' . $filterUsers . '))';
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$searchResult = @ldap_search($ldapcnn, $arrayAuthSourceData['AUTH_SOURCE_BASE_DN'], $filter, $this->arrayAttributesForUser);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
if ($error = ldap_errno($ldapcnn)) {
|
|
|
|
|
//
|
|
|
|
|
} else {
|
|
|
|
|
if ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
|
|
|
|
//Get Users from DB
|
|
|
|
|
$arrayUser = [];
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$criteria = new Criteria('workflow');
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$criteria->add(UsersPeer::USR_UID, $arrayUserUid, Criteria::IN);
|
|
|
|
|
//$criteria->add(UsersPeer::USR_USERNAME, '', Criteria::NOT_EQUAL);
|
|
|
|
|
$criteria->add(UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$rsCriteria = UsersPeer::doSelectRS($criteria);
|
|
|
|
|
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
while ($rsCriteria->next()) {
|
|
|
|
|
$row = $rsCriteria->getRow();
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
$arrayUser[$row['USR_USERNAME']] = $row;
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Get Users from LDAP Server
|
|
|
|
|
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
do {
|
|
|
|
|
if ($this->__ldapUserUpdateByDnAndData(
|
|
|
|
|
$ldapcnn, $arrayAuthSourceData, ldap_get_dn($ldapcnn, $entry), $arrayUser
|
|
|
|
|
)
|
|
|
|
|
) {
|
|
|
|
|
$countUser++;
|
2015-06-09 16:14:01 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
//Progress bar
|
|
|
|
|
$this->frontEndShow(
|
|
|
|
|
'BAR',
|
|
|
|
|
'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
2016-04-22 11:19:13 -04:00
|
|
|
return [$totalUser, $countUser];
|
2015-06-09 16:14:01 -04:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Update Users data based on the LDAP Server
|
|
|
|
|
*
|
|
|
|
|
* @param string $authenticationSourceUid UID of Authentication Source
|
|
|
|
|
*
|
|
|
|
|
* return void
|
|
|
|
|
*/
|
|
|
|
|
public function usersUpdateData($authenticationSourceUid)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$totalUser = count($this->arrayAuthenticationSourceUsersByUid);
|
|
|
|
|
$countUser = 0;
|
|
|
|
|
|
|
|
|
|
//Set variables
|
|
|
|
|
$rbac = &RBAC::getSingleton();
|
|
|
|
|
|
|
|
|
|
if (is_null($rbac->authSourcesObj)) {
|
|
|
|
|
$rbac->authSourcesObj = new AuthenticationSource();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($authenticationSourceUid);
|
|
|
|
|
|
|
|
|
|
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
|
|
|
|
|
|
|
|
|
$ldapcnn = $this->ldapcnn;
|
|
|
|
|
|
|
|
|
|
//Update Users
|
2016-04-22 11:19:13 -04:00
|
|
|
$limit = $this->__getPageSizeLimitByData($arrayAuthenticationSourceData);
|
2015-06-09 16:14:01 -04:00
|
|
|
$count = 0;
|
|
|
|
|
|
|
|
|
|
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
|
|
|
|
|
|
|
|
|
$filterUsers = "";
|
|
|
|
|
$arrayUserUid = array();
|
|
|
|
|
|
|
|
|
|
foreach ($this->arrayAuthenticationSourceUsersByUid as $value) {
|
|
|
|
|
$arrayUserData = $value;
|
|
|
|
|
|
|
|
|
|
$count++;
|
|
|
|
|
|
|
|
|
|
$filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")";
|
|
|
|
|
$arrayUserUid[] = $arrayUserData["USR_UID"];
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
if ($count == $limit) {
|
2016-04-22 11:19:13 -04:00
|
|
|
list($totalUser, $countUser) = $this->__ldapUsersUpdateData(
|
|
|
|
|
$ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, ['totalUser' => $totalUser, 'countUser' => $countUser]
|
|
|
|
|
);
|
2015-06-09 16:14:01 -04:00
|
|
|
|
|
|
|
|
$count = 0;
|
|
|
|
|
|
|
|
|
|
$filterUsers = "";
|
|
|
|
|
$arrayUserUid = array();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($count > 0) {
|
2016-04-22 11:19:13 -04:00
|
|
|
list($totalUser, $countUser) = $this->__ldapUsersUpdateData(
|
|
|
|
|
$ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, ['totalUser' => $totalUser, 'countUser' => $countUser]
|
|
|
|
|
);
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-04-14 13:15:17 -04:00
|
|
|
|
2016-04-22 11:19:13 -04:00
|
|
|
/**
|
|
|
|
|
* Get page size limit for a search result
|
|
|
|
|
*
|
|
|
|
|
* @param array $arrayAuthSourceData Authentication Source Data
|
|
|
|
|
*
|
|
|
|
|
* @return int Returns the page size limit for a search result
|
|
|
|
|
*/
|
|
|
|
|
private function __getPageSizeLimitByData(array $arrayAuthSourceData)
|
|
|
|
|
{
|
|
|
|
|
if (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'])) {
|
|
|
|
|
return $arrayAuthSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
|
|
|
|
|
} else {
|
|
|
|
|
return $this->getPageSizeLimit(false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-14 13:15:17 -04:00
|
|
|
/**
|
|
|
|
|
* Get page size limit for a search result
|
|
|
|
|
*
|
|
|
|
|
* @param resource $ldapcnn LDAP link identifier
|
|
|
|
|
* @param string $baseDn The base DN for the directory
|
|
|
|
|
*
|
|
|
|
|
* @return int Returns the page size limit for a search result
|
|
|
|
|
*/
|
|
|
|
|
public function getPageSizeLimit($ldapcnn, $baseDn = '')
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
$limit = 1000;
|
|
|
|
|
|
|
|
|
|
if ($ldapcnn === false) {
|
|
|
|
|
return $limit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$searchResult = @ldap_search($ldapcnn, $baseDn, '(|(objectclass=*))', ['dn']);
|
|
|
|
|
|
|
|
|
|
if ($searchResult) {
|
|
|
|
|
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
|
|
|
|
|
|
|
|
|
|
if ($countEntries > 0) {
|
|
|
|
|
$limit = ($countEntries > $limit)? $limit : $countEntries;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Return
|
|
|
|
|
return $limit;
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
throw $e;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-09 16:14:01 -04:00
|
|
|
}
|
