TASK-290 Add new new command for Auth Sources Cron
This commit is contained in:
Brayan Pereyra
@@ -103,6 +103,7 @@ class CLI
|
||||
public static function help ($args, $opts = null)
|
||||
{
|
||||
global $argv;
|
||||
|
||||
$scriptName = $argv[0];
|
||||
if (is_array($args) && count($args) > 0 ) {
|
||||
$taskName = $args[0];
|
||||
@@ -202,10 +203,12 @@ EOT;
|
||||
CLI::taskName( "help" );
|
||||
CLI::taskRun( array ('self','help'
|
||||
) );
|
||||
|
||||
global $argv;
|
||||
$args = $argv;
|
||||
$cliname = array_shift( $args );
|
||||
$taskName = array_shift( $args );
|
||||
|
||||
if (isset($taskName[0])) {
|
||||
while ($taskName[0] == '-') {
|
||||
$taskName = array_shift( $args );
|
||||
@@ -345,7 +348,7 @@ EOT;
|
||||
* @param string $message the message to display
|
||||
* @param string $filename the log file to write messages
|
||||
*/
|
||||
public static function logging ($message, $filename = null)
|
||||
public static function logging($message, $filename = null, $color = null)
|
||||
{
|
||||
static $log_file = null;
|
||||
if (isset( $filename )) {
|
||||
@@ -355,7 +358,7 @@ EOT;
|
||||
if (isset( $log_file )) {
|
||||
fwrite( $log_file, $message );
|
||||
}
|
||||
echo $message;
|
||||
eprintln($message, $color);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,19 +2,34 @@
|
||||
|
||||
use ProcessMaker\Model\RbacAuthenticationSource;
|
||||
use ProcessMaker\Model\RbacUsers;
|
||||
use ProcessMaker\Model\User;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use ProcessMaker\BusinessModel\User;
|
||||
use ProcessMaker\Model\Department;
|
||||
use ProcessMaker\Model\Groupwf;
|
||||
use ProcessMaker\BusinessModel\User as BusinessUser;
|
||||
use \RbacUsers as RbacUsersModel;
|
||||
use \Roles as RolesModel;
|
||||
use \UsersRoles as UsersRolesModel;
|
||||
|
||||
class LdapSource
|
||||
{
|
||||
public $authSourceUid;
|
||||
public $sTerminatedOu = '';
|
||||
public $ldapcnn = null;
|
||||
public $debug = false;
|
||||
private $frontEnd = false;
|
||||
public $terminatedOu;
|
||||
public $allListOfUsers = [];
|
||||
private $arrayDepartmentUserSynchronizedChecked = [];
|
||||
public $arrayAuthenticationSourceUsersByUid = [];
|
||||
public $arrayAuthenticationSourceUsersByUsername = [];
|
||||
public $arrayDepartmentUsersByUid = [];
|
||||
public $arrayDepartmentUsersByUsername = [];
|
||||
public $arrayGroupUsersByUid = [];
|
||||
public $arrayGroupUsersByUsername = [];
|
||||
private $arrayUserUpdateChecked = [];
|
||||
|
||||
private $arrayObjectClassFilter = [
|
||||
"user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
|
||||
@@ -42,7 +57,6 @@ class LdapSource
|
||||
|
||||
$ldapcnn = ldap_connect($authSourceData['AUTH_SOURCE_SERVER_NAME'], $authSourceData['AUTH_SOURCE_PORT']);
|
||||
$this->stdLog($ldapcnn, 'ldap_connect', $loggableAuthSource);
|
||||
|
||||
$ldapServer = $authSourceData['AUTH_SOURCE_SERVER_NAME'] . ':' . $authSourceData['AUTH_SOURCE_PORT'];
|
||||
|
||||
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
@@ -65,7 +79,9 @@ class LdapSource
|
||||
$bBind = ldap_bind($ldapcnn, $authSourceData['AUTH_SOURCE_SEARCH_USER'], $authSourceData['AUTH_SOURCE_PASSWORD']);
|
||||
$this->log($ldapcnn, 'bind ' . $ldapServer . ' with user ' . $loggableAuthSource['AUTH_SOURCE_SEARCH_USER']);
|
||||
}
|
||||
|
||||
$this->stdLog($ldapcnn, 'ldap_bind', $loggableAuthSource);
|
||||
|
||||
$this->getDiagnosticMessage($ldapcnn);
|
||||
if (!$bBind) {
|
||||
$message = 'Unable to bind to server: ' . $ldapServer . 'LDAP-Errno: ' . ldap_errno($ldapcnn) . ' : ' . ldap_error($ldapcnn) . " \n";
|
||||
@@ -182,6 +198,7 @@ class LdapSource
|
||||
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
||||
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
||||
$authenticationSourceData = $authSourceReturn['data'][0];
|
||||
|
||||
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($authenticationSourceData['AUTH_SOURCE_DATA'], true);
|
||||
$authenticationSourceData['AUTH_SOURCE_PASSWORD'] = G::decrypt($authenticationSourceData['AUTH_SOURCE_PASSWORD'], URL_KEY);
|
||||
|
||||
@@ -189,6 +206,7 @@ class LdapSource
|
||||
$ldapcnn = $this->ldapConnection($authenticationSourceData);
|
||||
$this->ldapcnn = $ldapcnn['connection'];
|
||||
}
|
||||
|
||||
$this->terminatedOu = $attributes['AUTH_SOURCE_RETIRED_OU'] ?? '';
|
||||
$ldapcnn = $this->ldapcnn;
|
||||
|
||||
@@ -380,7 +398,7 @@ class LdapSource
|
||||
$this->log($linkIdentifier, $messageError);
|
||||
}
|
||||
|
||||
private function log($link, $text)
|
||||
public function log($link, $text)
|
||||
{
|
||||
$logFile = PATH_DATA . 'logs/ldap.log';
|
||||
|
||||
@@ -412,7 +430,7 @@ class LdapSource
|
||||
fclose($fpt);
|
||||
}
|
||||
|
||||
private function stdLog($link, $message = "", $context = [], $level = "info")
|
||||
public function stdLog($link, $message = "", $context = [], $level = "info")
|
||||
{
|
||||
try {
|
||||
if (empty($link)) {
|
||||
@@ -482,7 +500,6 @@ class LdapSource
|
||||
$filter = ($filterUsers != '') ? $filterUsers : '(' . $this->arrayObjectClassFilter['user'] . ')';
|
||||
$filtersDefault = "(|(dn=$keyword)(uid=$keyword)(samaccountname=$keyword)(givenname=$keyword)(sn=$keyword)(cn=$keyword)(mail=$keyword)(userprincipalname=$keyword))";
|
||||
$filter = '(&' . $filter . $filtersDefault . ')';
|
||||
|
||||
$oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
|
||||
$context = [
|
||||
'baseDN' => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
|
||||
@@ -921,12 +938,11 @@ class LdapSource
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
if ($verifiedUser["sDN"] != $strUser || $setAttributes == 1) {
|
||||
$userDn = $verifiedUser['sDN'];
|
||||
|
||||
// Update data
|
||||
$user = new User();
|
||||
$user = new BusinessUser();
|
||||
$arrayUserData = $user->getUserRecordByPk($usrUid, [], false);
|
||||
|
||||
$result = $this->ldapUserUpdateByDnAndData(
|
||||
@@ -936,19 +952,12 @@ class LdapSource
|
||||
[$arrayUserData['USR_USERNAME'] => $arrayUserData]
|
||||
);
|
||||
|
||||
//Update DN
|
||||
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
|
||||
// select set
|
||||
$c1 = new Criteria("rbac");
|
||||
$c1->add(RbacUsersPeer::UID_AUTH_SOURCE, $authenticationSourceData["AUTH_SOURCE_UID"]);
|
||||
$c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
|
||||
// update set
|
||||
$c2 = new Criteria("rbac");
|
||||
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
|
||||
|
||||
BasePeer::doUpdate($c1, $c2, $con);
|
||||
$rbacUsers = new RbacUsers();
|
||||
$rbacUsers->updateData(
|
||||
['USR_AUTH_USER_DN' => $userDn],
|
||||
['UID_AUTH_SOURCE' => $authenticationSourceData["AUTH_SOURCE_UID"], 'USR_AUTH_USER_DN' => $strUser]
|
||||
);
|
||||
}
|
||||
*/
|
||||
|
||||
//Check ldap connection for user
|
||||
$authenticationSourceData["AUTH_ANONYMOUS"] = "0";
|
||||
@@ -1147,26 +1156,30 @@ class LdapSource
|
||||
|
||||
//Set variables
|
||||
$dn = trim($dn);
|
||||
$rbac = RBAC::getSingleton();
|
||||
|
||||
if (is_null($rbac->authSourcesObj)) {
|
||||
$rbac->authSourcesObj = new AuthenticationSource();
|
||||
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
||||
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $this->authSourceUid]];
|
||||
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
||||
$authenticationSourceData = $authSourceReturn['data'][0];
|
||||
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($authenticationSourceData['AUTH_SOURCE_DATA'], true);
|
||||
$authenticationSourceData['AUTH_SOURCE_PASSWORD'] = G::decrypt($authenticationSourceData['AUTH_SOURCE_PASSWORD'], URL_KEY);
|
||||
|
||||
if (is_null($this->ldapcnn)) {
|
||||
$ldapcnn = $this->ldapConnection($authenticationSourceData);
|
||||
$this->ldapcnn = $ldapcnn['connection'];
|
||||
}
|
||||
|
||||
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
|
||||
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
||||
$ldapcnn = $this->ldapcnn;
|
||||
|
||||
//Get Users
|
||||
$limit = $this->getPageSizeLimitByData($arrayAuthenticationSourceData);
|
||||
$limit = $this->getPageSizeLimitByData($authenticationSourceData);
|
||||
$flagError = false;
|
||||
|
||||
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
|
||||
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
|
||||
if (!isset($authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
|
||||
$authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
|
||||
}
|
||||
|
||||
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
||||
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
|
||||
$uidUserIdentifier = (isset($authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
||||
$filterUsers = trim($authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
|
||||
$filter = ($filterUsers != "") ? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
|
||||
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
|
||||
$cookie = '';
|
||||
@@ -1219,7 +1232,8 @@ class LdapSource
|
||||
foreach ($this->characters() as $value) {
|
||||
$char = $value;
|
||||
|
||||
$ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
|
||||
$ldapcnn = $this->ldapConnection($authenticationSourceData);
|
||||
$ldapcnn = $ldapcnn['connection'];
|
||||
$filter = ($filterUsers != "") ? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
|
||||
$filter = "(&$filter($uidUserIdentifier=$char*))";
|
||||
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
|
||||
@@ -1337,7 +1351,7 @@ class LdapSource
|
||||
|
||||
if ($option == "SYNCHRONIZE") {
|
||||
// Progress bar
|
||||
//$this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
|
||||
$this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
|
||||
}
|
||||
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
||||
}
|
||||
@@ -1351,6 +1365,307 @@ class LdapSource
|
||||
}
|
||||
}
|
||||
|
||||
public function usersUpdateData($authenticationSourceUid)
|
||||
{
|
||||
try {
|
||||
$totalUser = count($this->arrayAuthenticationSourceUsersByUid);
|
||||
$countUserUpdate = 0;
|
||||
$countUserDelete = 0;
|
||||
|
||||
// Set variables
|
||||
$rbac = RBAC::getSingleton();
|
||||
if (is_null($rbac->authSourcesObj)) {
|
||||
$rbac->authSourcesObj = new AuthenticationSource();
|
||||
}
|
||||
|
||||
|
||||
$filters = ['conditions' => ['AUTH_SOURCE_UID'=> $authenticationSourceUid]];
|
||||
$rbacAuthenticationSource = new RbacAuthenticationSource();
|
||||
$authSourceReturn = $rbacAuthenticationSource->show($filters);
|
||||
$authenticationSourceData = $authSourceReturn['data'][0];
|
||||
$authenticationSourceData['AUTH_SOURCE_DATA'] = json_decode($authenticationSourceData['AUTH_SOURCE_DATA'], true);
|
||||
$authenticationSourceData['AUTH_SOURCE_PASSWORD'] = G::decrypt($authenticationSourceData['AUTH_SOURCE_PASSWORD'], URL_KEY);
|
||||
|
||||
$ldapcnn = $this->ldapConnection($authenticationSourceData);
|
||||
$this->ldapcnn = $ldapcnn['connection'];
|
||||
$ldapcnn = $this->ldapcnn;
|
||||
|
||||
// Update Users
|
||||
$limit = $this->getPageSizeLimitByData($authenticationSourceData);
|
||||
$count = 0;
|
||||
|
||||
$uidUserIdentifier = (isset($authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $authenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
|
||||
|
||||
$filterUsers = "";
|
||||
$arrayUserUid = [];
|
||||
foreach ($this->arrayAuthenticationSourceUsersByUid as $arrayUserData) {
|
||||
$count++;
|
||||
$filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")";
|
||||
$arrayUserUid[] = $arrayUserData["USR_UID"];
|
||||
|
||||
if ($count == $limit) {
|
||||
list($totalUser, $countUserUpdate, $countUserDelete) = $this->ldapUsersUpdateData(
|
||||
$ldapcnn,
|
||||
$authenticationSourceData,
|
||||
$filterUsers,
|
||||
$arrayUserUid,
|
||||
['totalUser' => $totalUser, 'countUserUpdated' => $countUserUpdate, 'countUserDeleted' => $countUserDelete]
|
||||
);
|
||||
|
||||
$count = 0;
|
||||
$filterUsers = "";
|
||||
$arrayUserUid = [];
|
||||
}
|
||||
}
|
||||
|
||||
if ($count > 0) {
|
||||
list($totalUser, $countUserUpdate, $countUserDelete) = $this->ldapUsersUpdateData(
|
||||
$ldapcnn,
|
||||
$authenticationSourceData,
|
||||
$filterUsers,
|
||||
$arrayUserUid,
|
||||
['totalUser' => $totalUser, 'countUserUpdated' => $countUserUpdate, 'countUserDeleted' => $countUserDelete]
|
||||
);
|
||||
}
|
||||
|
||||
return ['totalUser' => $totalUser, 'countUserUpdated' => $countUserUpdate, 'countUserDeleted' => $countUserDelete];
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
private function ldapUsersUpdateData($ldapcnn, array $arrayAuthSourceData, $filterUsers, array $listUids, array $countResult)
|
||||
{
|
||||
try {
|
||||
$totalUser = $countResult['totalUser'];
|
||||
$countUserUpdated = $countResult['countUserUpdated'];
|
||||
$countUserDeleted = $countResult['countUserDeleted'];
|
||||
|
||||
// Define the filter to search all users
|
||||
$filter = '(&(' . $this->arrayObjectClassFilter['user'] . ')(|' . $filterUsers . '))';
|
||||
// Search all the users
|
||||
$searchResult = @ldap_search($ldapcnn, $arrayAuthSourceData['AUTH_SOURCE_BASE_DN'], $filter, $this->arrayAttributesForUser);
|
||||
$context = [
|
||||
"baseDN" => $arrayAuthSourceData['AUTH_SOURCE_BASE_DN'],
|
||||
"filter" => $filter,
|
||||
"attributes" => $this->arrayAttributesForUser
|
||||
];
|
||||
$this->stdLog($ldapcnn, "ldap_search", $context);
|
||||
|
||||
if ($error = ldap_errno($ldapcnn)) {
|
||||
//
|
||||
} elseif ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) { // Check if at least one user was found
|
||||
$this->stdLog($ldapcnn, "ldap_count_entries");
|
||||
// Get Users from DB
|
||||
$arrayUser = [];
|
||||
|
||||
$user = new User();
|
||||
$filters = [
|
||||
'limit' => 10000,
|
||||
'conditions' => [['USR_STATUS', '!=', 'CLOSED']]];
|
||||
$userQueryData = $user->getByListUids($listUids, $filters);
|
||||
foreach ($userQueryData['data'] ?? [] as $userData) {
|
||||
$arrayUser[$userData['USR_USERNAME']] = $userData;
|
||||
}
|
||||
|
||||
// Get Users from LDAP Server
|
||||
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
||||
$this->stdLog($ldapcnn, "ldap_first_entry");
|
||||
// Save all the list of users
|
||||
$this->allListOfUsers = $arrayUser;
|
||||
// Check all the ldap entry found
|
||||
do {
|
||||
if ($this->ldapUserUpdateByDnAndData($ldapcnn, $arrayAuthSourceData, ldap_get_dn($ldapcnn, $entry), $arrayUser)) {
|
||||
$countUserUpdated++;
|
||||
// Progress bar
|
||||
$this->frontEndShow(
|
||||
'BAR',
|
||||
'Update Users data: ' . $countUserUpdated . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUserUpdated)
|
||||
);
|
||||
}
|
||||
} while ($entry = ldap_next_entry($ldapcnn, $entry));
|
||||
$countUserDeleted = count($this->allListOfUsers);
|
||||
// List of users to delete
|
||||
foreach ($this->allListOfUsers as $index => $usr) {
|
||||
$user = new BusinessUser();
|
||||
$user->deleteGdpr($usr['USR_UID']);
|
||||
}
|
||||
// Register the users deleted
|
||||
$this->stdLog($ldapcnn, "deleteUsersGdpr", $this->allListOfUsers);
|
||||
} else { // If no user found, we supposed that all are deleted
|
||||
foreach ($listUids as $usr) {
|
||||
$user = new BusinessUser();
|
||||
$user->deleteGdpr($usr);
|
||||
}
|
||||
// Register the users deleted
|
||||
$this->stdLog($ldapcnn, "deleteAllUsersGdpr", $listUids);
|
||||
}
|
||||
|
||||
return [$totalUser, $countUserUpdated, $countUserDeleted];
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
private function ldapUserUpdateByDnAndData($ldapcnn, array $arrayAuthSourceData, $userDn, array $arrayUser)
|
||||
{
|
||||
try {
|
||||
// Set variables
|
||||
$rbac = RBAC::getSingleton();
|
||||
if (is_null($rbac->userObj)) {
|
||||
$rbac->userObj = new RbacUsers();
|
||||
}
|
||||
// Set variables
|
||||
$flagUser = false;
|
||||
$arrayAttributesToSync = [
|
||||
//Default attributes to sync
|
||||
'USR_FIRSTNAME' => 'givenname',
|
||||
'USR_LASTNAME' => 'sn',
|
||||
'USR_EMAIL' => 'mail',
|
||||
'USR_STATUS' => 'useraccountcontrol'
|
||||
];
|
||||
|
||||
if (!empty($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'])) {
|
||||
foreach ($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'] as $value) {
|
||||
$arrayAttributesToSync[$value['attributeUser']] = $value['attributeLdap'];
|
||||
}
|
||||
}
|
||||
|
||||
// Search User from LDAP Server
|
||||
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'])) ?
|
||||
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
|
||||
|
||||
$arrayAttribute = array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync));
|
||||
$searchResult = @ldap_search($ldapcnn, $userDn, '(objectclass=*)', $arrayAttribute);
|
||||
$context = [
|
||||
"baseDN" => $userDn,
|
||||
"filter" => "(objectclass=*)",
|
||||
"attributes" => $arrayAttribute
|
||||
];
|
||||
$this->stdLog($ldapcnn, "ldap_search", $context);
|
||||
|
||||
if ($error = ldap_errno($ldapcnn)) {
|
||||
//
|
||||
} elseif ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) {
|
||||
$this->stdLog($ldapcnn, "ldap_count_entries");
|
||||
$entry = ldap_first_entry($ldapcnn, $searchResult);
|
||||
$this->stdLog($ldapcnn, "ldap_first_entry", $context);
|
||||
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
|
||||
$username = (isset($arrayUserLdap[$uidUserIdentifier])) ? $arrayUserLdap[$uidUserIdentifier] : '';
|
||||
|
||||
if ((is_array($username) && !empty($username)) || trim($username) != '') {
|
||||
$username = trim((is_array($username)) ? $username[0] : $username);
|
||||
|
||||
if (isset($arrayUser[$username])) {
|
||||
if (!isset($this->arrayUserUpdateChecked[$username])) {
|
||||
$this->arrayUserUpdateChecked[$username] = 1;
|
||||
$arrayUserDataUpdate = [];
|
||||
$extendedData = [];
|
||||
|
||||
foreach ($arrayAttributesToSync as $key => $value) {
|
||||
$fieldName = $key;
|
||||
$attributeName = strtolower($value);
|
||||
|
||||
if (isset($arrayUserLdap[$attributeName])) {
|
||||
$ldapAttributeValue = trim((is_array($arrayUserLdap[$attributeName])) ? $arrayUserLdap[$attributeName][0] : $arrayUserLdap[$attributeName]);
|
||||
|
||||
switch ($fieldName) {
|
||||
case 'USR_STATUS':
|
||||
if ($attributeName == 'useraccountcontrol') {
|
||||
$ldapAttributeValue = (preg_match('/^(?:' . '512|544|66048|66080' . ')$/', $ldapAttributeValue)) ? (($arrayUser[$username][$fieldName] == 'VACATION') ? 'VACATION' : 'ACTIVE') : 'INACTIVE';
|
||||
}
|
||||
break;
|
||||
case 'USR_DUE_DATE':
|
||||
if ($attributeName == 'accountexpires') {
|
||||
$ldapAttributeValue = $this->convertDateADtoPM($ldapAttributeValue);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (isset($arrayUser[$username][$fieldName])) {
|
||||
if ($ldapAttributeValue != $arrayUser[$username][$fieldName]) {
|
||||
$arrayUserDataUpdate[$fieldName] = $ldapAttributeValue;
|
||||
}
|
||||
} else {
|
||||
$extendedData[$fieldName] = $ldapAttributeValue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Update the extended data
|
||||
if (!empty($extendedData)) {
|
||||
$json = $arrayUser[$username]['USR_EXTENDED_ATTRIBUTES_DATA'];
|
||||
$oldExtendedData = empty($json) ? [] : json_decode($json, true);
|
||||
$extendedData = array_merge($oldExtendedData, $extendedData);
|
||||
$arrayUserDataUpdate['USR_EXTENDED_ATTRIBUTES_DATA'] = json_encode($extendedData);
|
||||
}
|
||||
// Update the user information
|
||||
if (!empty($arrayUserDataUpdate)) {
|
||||
$arrayUserDataUpdate['USR_UID'] = $arrayUser[$username]['USR_UID'];
|
||||
// Update User data
|
||||
$rbac->updateUser($arrayUserDataUpdate);
|
||||
$user = new Users();
|
||||
$result = $user->update($arrayUserDataUpdate);
|
||||
}
|
||||
// Remove the user from the array
|
||||
unset($this->allListOfUsers[$username]);
|
||||
} else {
|
||||
$this->log(
|
||||
$ldapcnn,
|
||||
'User is repeated: Username "' . $username . '", DN "' . $arrayUserLdap['dn'] . '"'
|
||||
);
|
||||
}
|
||||
|
||||
$flagUser = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Return
|
||||
return $flagUser;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function setArrayDepartmentUsers($departmentUid)
|
||||
{
|
||||
try {
|
||||
$this->arrayDepartmentUsersByUid = [];
|
||||
$this->arrayDepartmentUsersByUsername = [];
|
||||
// Set data
|
||||
$user = new User();
|
||||
$filters = [
|
||||
'fields' => ['USR_UID', 'USR_USERNAME', 'USR_REPORTS_TO'],
|
||||
'limit' => 10000,
|
||||
'conditions' => [['USR_STATUS', '!=', 'CLOSED'], ['DEP_UID', '=', $departmentUid]]
|
||||
];
|
||||
$usersDepartment = $user->show($filters);
|
||||
foreach ($usersDepartment['data'] ?? [] as $userData) {
|
||||
$this->arrayDepartmentUsersByUid[$userData['USR_UID']] = $userData;
|
||||
$this->arrayDepartmentUsersByUsername[$userData['USR_USERNAME']] = $userData;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function deactiveArrayOfUsers($aUsers)
|
||||
{
|
||||
$aUsrUid = [];
|
||||
foreach ($aUsers as $key => $val) {
|
||||
$aUsrUid[] = $val['sUsername'];
|
||||
}
|
||||
|
||||
$rbacUsers = new RbacUsers();
|
||||
$rbacUsers->updateDataFromListUsersUids(['USR_STATUS' => '0'], $aUsrUid);
|
||||
|
||||
$user = new User();
|
||||
$user->updateDataFromListUsersUids(['USR_STATUS' => 'INACTIVE', 'DEP_UID' => ''], $aUsrUid);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function departmentSynchronizeUser($departmentUid, array $arrayUserLdap, array $arrayData)
|
||||
{
|
||||
try {
|
||||
@@ -1444,6 +1759,165 @@ class LdapSource
|
||||
}
|
||||
}
|
||||
|
||||
public function createUserAndActivate($user, $depUid)
|
||||
{
|
||||
$rbac = RBAC::getSingleton();
|
||||
|
||||
if ($rbac->userObj == null) {
|
||||
$rbac->userObj = new RbacUsersModel();
|
||||
}
|
||||
|
||||
if ($rbac->rolesObj == null) {
|
||||
$rbac->rolesObj = new RolesModel();
|
||||
}
|
||||
|
||||
if ($rbac->usersRolesObj == null) {
|
||||
$rbac->usersRolesObj = new UsersRolesModel();
|
||||
}
|
||||
|
||||
$sUsername = $user['sUsername'];
|
||||
$sFullname = $user['sFullname'];
|
||||
$sFirstname = $user['sFirstname'];
|
||||
$sLastname = $user['sLastname'];
|
||||
$sEmail = $user['sEmail'];
|
||||
$sDn = $user['sDN'];
|
||||
$usrRole = empty($user['usrRole']) ? 'LURANA_OPERATOR' : $user['usrRole'];
|
||||
|
||||
$data = [];
|
||||
$data['USR_USERNAME'] = $sUsername;
|
||||
$data["USR_PASSWORD"] = "00000000000000000000000000000000";
|
||||
$data['USR_FIRSTNAME'] = $sFirstname;
|
||||
$data['USR_LASTNAME'] = $sLastname;
|
||||
$data['USR_EMAIL'] = $sEmail;
|
||||
$data['USR_DUE_DATE'] = date('Y-m-d', mktime(0, 0, 0, date('m'), date('d'), date('Y') + 2));
|
||||
$data['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
|
||||
$data['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
|
||||
$data['USR_BIRTHDAY'] = date('Y-m-d');
|
||||
$data['USR_STATUS'] = 1;
|
||||
$data['USR_AUTH_TYPE'] = 'ldapadvanced';
|
||||
$data['UID_AUTH_SOURCE'] = $this->authSourceUid;
|
||||
$data['USR_AUTH_USER_DN'] = $sDn;
|
||||
|
||||
$userUid = $rbac->createUser($data, $usrRole);
|
||||
|
||||
$data['USR_STATUS'] = 'ACTIVE';
|
||||
$data['USR_UID'] = $userUid;
|
||||
$data['DEP_UID'] = $depUid;
|
||||
$data['USR_ROLE'] = $usrRole;
|
||||
|
||||
$users = new Users();
|
||||
$users->create($data);
|
||||
|
||||
return $userUid;
|
||||
}
|
||||
|
||||
public function getDepUidIfExistsDN($currentDN)
|
||||
{
|
||||
try {
|
||||
$department = new Department();
|
||||
$filters = [
|
||||
'fields' => ['DEP_UID', 'DEP_LDAP_DN'],
|
||||
'conditions' => [['DEP_STATUS', '=', 'ACTIVE'], ['DEP_LDAP_DN', '=', $currentDN]],
|
||||
'limit' => 1
|
||||
];
|
||||
$departmentsData = $department->show($filters);
|
||||
if (!empty($departmentsData['data']) && isset($departmentsData['data'][0]['DEP_UID'])) {
|
||||
return $departmentsData['data'][0]['DEP_UID'];
|
||||
}
|
||||
return '';
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function activateUser($userUid, $userDn = null, $depUid = null)
|
||||
{
|
||||
$rbacUsers = new RbacUsers();
|
||||
$setData = [
|
||||
'USR_STATUS' => '1'
|
||||
];
|
||||
if ($userDn != null) {
|
||||
$setData['USR_AUTH_USER_DN'] = $userDn;
|
||||
$setData['USR_AUTH_SUPERVISOR_DN'] = '';
|
||||
}
|
||||
$rbacUsers->updateData(
|
||||
$setData,
|
||||
['USR_UID' => $userUid]
|
||||
);
|
||||
|
||||
$user = new User();
|
||||
$setData = [
|
||||
'USR_STATUS' => 'ACTIVE'
|
||||
];
|
||||
if ($depUid != null) {
|
||||
$setData['DEP_UID'] = $depUid;
|
||||
}
|
||||
$user->updateData(
|
||||
$setData,
|
||||
['USR_UID' => $userUid]
|
||||
);
|
||||
}
|
||||
|
||||
public function getUserFromPM($username)
|
||||
{
|
||||
try {
|
||||
$user = new User();
|
||||
$dataUser = $user->show([
|
||||
'fields' => ['USR_UID', 'USR_USERNAME', 'DEP_UID'],
|
||||
'conditions' => [['USR_USERNAME', '=', $username], ['USR_STATUS', '!=', 'CLOSED']],
|
||||
'limit' => 1
|
||||
]);
|
||||
if (!empty($dataUser) && isset($dataUser['data'][0])) {
|
||||
return $dataUser['data'][0];
|
||||
}
|
||||
return [];
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function authenticationSourceGetUserDataIfUsernameExists($username)
|
||||
{
|
||||
try {
|
||||
if (isset($this->arrayAuthenticationSourceUsersByUsername[$username])) {
|
||||
return $this->arrayAuthenticationSourceUsersByUsername[$username];
|
||||
}
|
||||
// Return
|
||||
return [];
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function departmentGetUserDataIfUsernameExists($username)
|
||||
{
|
||||
try {
|
||||
if (isset($this->arrayDepartmentUsersByUsername[$username])) {
|
||||
return $this->arrayDepartmentUsersByUsername[$username];
|
||||
}
|
||||
// Return
|
||||
return [];
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function setArrayAuthenticationSourceUser($userUid, array $arrayUserLdap)
|
||||
{
|
||||
try {
|
||||
$arrayUserData = [
|
||||
"USR_UID" => $userUid,
|
||||
"USR_USERNAME" => $arrayUserLdap["sUsername"],
|
||||
"USR_AUTH_USER_DN" => $arrayUserLdap["sDN"]
|
||||
];
|
||||
// Set data
|
||||
$this->arrayAuthenticationSourceUsersByUid[$arrayUserData["USR_UID"]] = $arrayUserData;
|
||||
$this->arrayAuthenticationSourceUsersByUsername[$arrayUserData["USR_USERNAME"]] = $arrayUserData;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function debugLog($text)
|
||||
{
|
||||
try {
|
||||
@@ -1468,4 +1942,190 @@ class LdapSource
|
||||
}
|
||||
return $datePM;
|
||||
}
|
||||
|
||||
public function setDebug($debug)
|
||||
{
|
||||
try {
|
||||
$this->debug = $debug;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function setFrontEnd($flag)
|
||||
{
|
||||
try {
|
||||
$this->frontEnd = $flag;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function frontEndShow($option, $data = "")
|
||||
{
|
||||
try {
|
||||
if (!$this->frontEnd) {
|
||||
return;
|
||||
}
|
||||
|
||||
$numc = 100;
|
||||
|
||||
switch ($option) {
|
||||
case "BAR":
|
||||
echo "\r" . "| " . $data . str_repeat(" ", $numc - 2 - strlen($data));
|
||||
break;
|
||||
case "TEXT":
|
||||
echo "\r" . "| " . $data . str_repeat(" ", $numc - 2 - strlen($data)) . "\n";
|
||||
break;
|
||||
default: //START, END
|
||||
echo "\r" . "+" . str_repeat("-", $numc - 2) . "+" . "\n";
|
||||
break;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function setArrayAuthenticationSourceUsers($authSourceUid = '')
|
||||
{
|
||||
try {
|
||||
if (empty($authSourceUid)) {
|
||||
$authSourceUid = $this->authSourceUid;
|
||||
}
|
||||
|
||||
$this->arrayAuthenticationSourceUsersByUid = [];
|
||||
$this->arrayAuthenticationSourceUsersByUsername = [];
|
||||
|
||||
$filters = [
|
||||
'select' => ['USR_USERNAME', 'USR_UID', 'USR_AUTH_USER_DN'],
|
||||
'fields' => ['USR_USERNAME', 'USR_UID'],
|
||||
'conditions' => [
|
||||
'UID_AUTH_SOURCE' => $authSourceUid,
|
||||
'USR_AUTH_TYPE' => 'ldapadvanced',
|
||||
'USR_STATUS' => 1
|
||||
]
|
||||
];
|
||||
$rbacUsers = new RbacUsers();
|
||||
$usersByAuthSource = $rbacUsers->show($filters);
|
||||
|
||||
foreach ($usersByAuthSource['data'] ?? [] as $row) {
|
||||
$this->arrayAuthenticationSourceUsersByUid[$row["USR_UID"]] = $row;
|
||||
$this->arrayAuthenticationSourceUsersByUsername[$row["USR_USERNAME"]] = $row;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function clearManager($usersUIDs)
|
||||
{
|
||||
try {
|
||||
$criteriaSet = new Criteria('workflow');
|
||||
$criteriaSet->add(UsersPeer::USR_REPORTS_TO, '');
|
||||
$criteriaWhere = new Criteria('workflow');
|
||||
$criteriaWhere->add(UsersPeer::USR_UID, $usersUIDs, Criteria::IN);
|
||||
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
|
||||
} catch (Exception $error) {
|
||||
$this->log($this->ldapcnn, $error->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function getUsersFromRemovedOu($aAuthSource)
|
||||
{
|
||||
$aUsers = []; //empty array is the default result
|
||||
$attributes = $aAuthSource["AUTH_SOURCE_DATA"];
|
||||
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU']) ? trim($attributes['AUTH_SOURCE_RETIRED_OU']) : '';
|
||||
|
||||
if ($this->sTerminatedOu == '') {
|
||||
return $aUsers;
|
||||
}
|
||||
|
||||
return $this->getUsersFromDepartmentByName($this->sTerminatedOu);
|
||||
}
|
||||
|
||||
public function synchronizeManagers($managersHierarchy)
|
||||
{
|
||||
try {
|
||||
foreach ($managersHierarchy as $managerDN => $subordinates) {
|
||||
$rbacUser = new RbacUsers();
|
||||
$rbacUsersData = $rbacUser->show(['conditions' => ['USR_AUTH_USER_DN' => $managerDN]]);
|
||||
|
||||
if (!empty($rbacUsersData['data'])) {
|
||||
$user = new User();
|
||||
$userData['USR_REPORTS_TO'] = $rbacUsersData['data'][0]['USR_UID'];
|
||||
$user->updateDataFromListUsersUids($userData, $subordinates);
|
||||
}
|
||||
}
|
||||
} catch (Exception $error) {
|
||||
$this->log($this->ldapcnn, $error->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function progressBar($total, $count)
|
||||
{
|
||||
try {
|
||||
$p = (int) (($count * 100) / $total);
|
||||
$n = (int) ($p / 2);
|
||||
|
||||
return "[" . str_repeat("|", $n) . str_repeat(" ", 50 - $n) . "] $p%";
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function getRegisteredDepartments(array $arrayLdapDepartment, array $arrayDbDepartment)
|
||||
{
|
||||
$aResult = [];
|
||||
|
||||
if (!empty($arrayLdapDepartment)) {
|
||||
$arrayLdapDepartment[0]["ou"] = $arrayLdapDepartment[0]["ou"] . " " . $arrayLdapDepartment[0]["dn"]; //Discard ROOT
|
||||
|
||||
foreach ($arrayLdapDepartment as $ldapDept) {
|
||||
foreach ($arrayDbDepartment as $department) {
|
||||
if ($department["DEP_TITLE"] == $ldapDept["ou"] && $department["DEP_LDAP_DN"] == $ldapDept["dn"]) {
|
||||
$aResult[] = $department;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $aResult;
|
||||
}
|
||||
|
||||
public function getRegisteredGroups(array $arrayLdapGroup, array $arrayDbGroup)
|
||||
{
|
||||
$aResult = [];
|
||||
|
||||
if (!empty($arrayLdapGroup)) {
|
||||
foreach ($arrayLdapGroup as $ldapGroup) {
|
||||
foreach ($arrayDbGroup as $group) {
|
||||
if ($group["GRP_TITLE"] == $ldapGroup["cn"] && $group["GRP_LDAP_DN"] == $ldapGroup["dn"]) {
|
||||
$aResult[] = $group;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $aResult;
|
||||
}
|
||||
|
||||
public function setArrayDepartmentUserSynchronizedChecked(array $arrayData)
|
||||
{
|
||||
try {
|
||||
$this->arrayDepartmentUserSynchronizedChecked = $arrayData;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function setArrayUserUpdateChecked(array $arrayData)
|
||||
{
|
||||
try {
|
||||
$this->arrayUserUpdateChecked = $arrayData;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user