From 3fc6d8e1a5d940b3ccfee0a920a85d002cbb7ad2 Mon Sep 17 00:00:00 2001 From: Roly Rudy Gutierrez Pinto Date: Tue, 5 Jan 2021 23:21:34 -0400 Subject: [PATCH] PMCORE-2589 No logs created when editing a field of a Authentication Sources connection --- .../classes/model/AuthenticationSource.php | 6 + workflow/engine/classes/LdapAdvanced.php | 161 ++++++++++++++++-- .../engine/methods/services/ldapadvanced.php | 98 +++++++++++ 3 files changed, 252 insertions(+), 13 deletions(-) diff --git a/rbac/engine/classes/model/AuthenticationSource.php b/rbac/engine/classes/model/AuthenticationSource.php index 3b16760c6..60f093290 100644 --- a/rbac/engine/classes/model/AuthenticationSource.php +++ b/rbac/engine/classes/model/AuthenticationSource.php @@ -16,6 +16,8 @@ */ require_once 'classes/model/om/BaseAuthenticationSource.php'; +use Illuminate\Support\Facades\Log; + /** * @package rbac-classes-model */ @@ -69,6 +71,7 @@ class AuthenticationSource extends BaseAuthenticationSource { $oConnection->begin(); $iResult = $oAuthenticationSource->save(); $oConnection->commit(); + Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($aData)); $authSourceServerName = isset($aData['AUTH_SOURCE_SERVER_NAME']) ? ' - Server Name: '.$aData['AUTH_SOURCE_SERVER_NAME'] : ''; $authSourcePort = isset($aData['AUTH_SOURCE_PORT']) ? ' - Port: '.$aData['AUTH_SOURCE_PORT'] : ''; @@ -122,6 +125,7 @@ class AuthenticationSource extends BaseAuthenticationSource { $oConnection->begin(); $iResult = $oAuthenticationSource->save(); $oConnection->commit(); + Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($aData)); G::auditLog("UpdateAuthSource", "Authentication Source Name: ".$aData['AUTH_SOURCE_NAME']." - Authentication Source ID: (".$aData['AUTH_SOURCE_UID'].") ".$authSourceServerName.$authSourcePort.$authSourceEnabledTLS.$authSourceVersion.$authSourceBaseDn.$authAnonymous.$authSourceSearchUser.$authSourceLdapType.$authSourceIdentifier.$authSourceFilter); return $iResult; } 
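Review bot: The `Bootstrap::context($aData)` call added after `commit()` in `create()` (hunk `@@ -69`) writes the whole authentication-source record to the `:ldapAdvanced` channel. That record presumably carries `AUTH_SOURCE_PASSWORD`, since the `ldap_bind` call in LdapAdvanced.php reads that key from the same kind of array, so the bind password would reach the log unless `Bootstrap::context()` filters it, which is not visible here. The same applies to the `update` call in `@@ -122`, to the `stdLog($ldapcnn, ..., $aAuthSource)` calls in the `@@ -515` and `@@ -534` hunks of LdapAdvanced.php, and to `["result" => $arrayAuthenticationSourceData]` in the cron's `@@ -66` hunk. Log a copy with the secret removed, e.g. `$logData = $aData; unset($logData['AUTH_SOURCE_PASSWORD']);` followed by `Bootstrap::context($logData)`, or log only the fields the neighbouring `G::auditLog` line already lists. `create()` starts and ends outside the hunk.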
@@ -131,6 +135,7 @@ class AuthenticationSource extends BaseAuthenticationSource { foreach($aValidationFailures as $oValidationFailure) { $sMessage .= $oValidationFailure->getMessage() . '
'; } + Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($aData)); throw(new Exception('The registry cannot be updated!
'.$sMessage)); } } @@ -158,6 +163,7 @@ class AuthenticationSource extends BaseAuthenticationSource { $oConnection->begin(); $iResult = $oAuthenticationSource->delete(); $oConnection->commit(); + Log::channel(':ldapAdvanced')->info("remove", Bootstrap::context(["AUTH_SOURCE_UID" => $sUID])); G::auditLog("DeleteAuthSource", "Authentication Source Name: ".$authenticationSource['AUTH_SOURCE_NAME']." Authentication Source ID: (".$sUID.") "); return $iResult; diff --git a/workflow/engine/classes/LdapAdvanced.php b/workflow/engine/classes/LdapAdvanced.php index 3f7f95e79..a98db7041 100644 --- a/workflow/engine/classes/LdapAdvanced.php +++ b/workflow/engine/classes/LdapAdvanced.php @@ -72,6 +72,7 @@ class LdapAdvanced */ public function __construct() { + } /** @@ -298,8 +299,8 @@ class LdapAdvanced public function progressBar($total, $count) { try { - $p = (int)(($count * 100) / $total); - $n = (int)($p / 2); + $p = (int) (($count * 100) / $total); + $n = (int) ($p / 2); return "[" . str_repeat("|", $n) . str_repeat(" ", 50 - $n) . "] $p%"; } catch (Exception $e) { @@ -454,7 +455,6 @@ class LdapAdvanced */ public function log($link, $text) { - //$serverAddr = $_SERVER["SERVER_ADDR"]; $logFile = PATH_DATA . "log/ldapAdvanced.log"; if (!file_exists($logFile) || is_writable($logFile)) { 
@@ -515,16 +515,19 @@ class LdapAdvanced } $ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']); + $this->stdLog($ldapcnn, "ldap_connect", $aAuthSource); $ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"]; ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3); + $this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource); ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0); + $this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource); if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) { $resultLDAPStartTLS = @ldap_start_tls($ldapcnn); + $this->stdLog($ldapcnn, "ldap_start_tls", $aAuthSource); $ldapServer = "TLS " . $ldapServer; - //$this->log($ldapcnn, "start tls"); } if ($aAuthSource["AUTH_ANONYMOUS"] == "1") { @@ -534,6 +537,7 @@ class LdapAdvanced $bBind = @ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']); $this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]); } + $this->stdLog($ldapcnn, "ldap_bind", $aAuthSource); $this->getDiagnosticMessage($ldapcnn); if (!$bBind) { throw new Exception("Unable to bind to server: $ldapServer . " . "LDAP-Errno: " . ldap_errno($ldapcnn) . " : " . ldap_error($ldapcnn) . " \n"); @@ -582,6 +586,7 @@ class LdapAdvanced ]; $message = ''; ldap_get_option($linkIdentifier, LDAP_OPT_DIAGNOSTIC_MESSAGE, $messageError); + $this->stdLog($linkIdentifier, "ldap_get_option", ["error" => $messageError]); foreach ($keysError as $key => $value) { if (strpos($messageError, (string) $value['code']) !== false) { $message = $value['message']; 
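Review bot: A failed StartTLS is only recorded by the new `stdLog($ldapcnn, "ldap_start_tls", $aAuthSource)` line in the `@@ -515` hunk; `$resultLDAPStartTLS` is not tested there or in the `@@ -534` hunk that follows. As far as the visible lines show, the code goes on to `ldap_bind` with `AUTH_SOURCE_PASSWORD` over the unencrypted connection even though `AUTH_SOURCE_ENABLED_TLS` is set. Failing closed right after the call would prevent that: `if (!$resultLDAPStartTLS) { throw new Exception("Unable to start TLS with server: $ldapServer"); }`. A few lines between the two hunks are not shown, so confirm that no such check already exists there.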
@@ -613,8 +618,10 @@ class LdapAdvanced $arrayAttributes = array(); $arrayAttributes['dn'] = ldap_get_dn($ldapcnn, $entry); + $this->stdLog($ldapcnn, "ldap_get_dn"); $arrayAux = ldap_get_attributes($ldapcnn, $entry); + $this->stdLog($ldapcnn, "ldap_get_attributes"); for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) { $key = strtolower($arrayAux[$i]); @@ -667,6 +674,7 @@ class LdapAdvanced $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK"); $numEntries = ldap_count_entries($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_count_entries"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries"); @@ -676,6 +684,7 @@ class LdapAdvanced $this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier"); $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); do { $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); @@ -773,8 +782,10 @@ class LdapAdvanced do { ldap_control_paged_result($ldapcnn, $limit, true, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result", ["limit" => $limit]); $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser); + $this->stdLog($ldapcnn, "ldap_list", ["filter" => $filter, "attributes" => $this->arrayAttributesForUser]); if ($error = ldap_errno($ldapcnn)) { $flagError = true; @@ -793,6 +804,7 @@ class LdapAdvanced if (!$flagError) { ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result_response"); } } while (($cookie !== null && $cookie != '') && !$flagError); 
@@ -811,6 +823,7 @@ class LdapAdvanced $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter"); $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser); + $this->stdLog($ldapcnn, "ldap_list", ["attributes" => $this->arrayAttributesForUser]); if ($error = ldap_errno($ldapcnn)) { $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true)); @@ -891,13 +904,21 @@ class LdapAdvanced $member = $value; //User DN $searchResult = @ldap_search($ldapcnn, $member, $filter, $this->arrayAttributesForUser); + $context = [ + "baseDN" => $member, + "filter" => $filter, + "attributes" => $this->arrayAttributesForUser + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { // } else { if ($searchResult) { if (ldap_count_entries($ldapcnn, $searchResult) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); @@ -972,6 +993,12 @@ class LdapAdvanced $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > \$filter ----> $filter"); $searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute)); + $context = [ + "baseDN" => $dn, + "filter" => $filter, + "attributes" => [$memberAttribute] + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true)); 
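Review bot: In the `@@ -891` hunk the `stdLog($ldapcnn, "ldap_count_entries")` call sits inside `if (ldap_count_entries($ldapcnn, $searchResult) > 0) {`, so it runs only when the count succeeded and was positive. An empty result or a failed count leaves no record, which is the case an operator reading this channel would want to see. Capturing the value first keeps the entry unconditional and makes it useful: `$numEntries = ldap_count_entries($ldapcnn, $searchResult);` then `$this->stdLog($ldapcnn, "ldap_count_entries", ["count" => $numEntries]);` then `if ($numEntries > 0) {`. The same placement recurs in the `@@ -1027`, `@@ -1723`, `@@ -1798`, `@@ -2777` and `@@ -2873` hunks.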
@@ -982,11 +1009,13 @@ class LdapAdvanced $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2"); $numEntries = ldap_count_entries($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_count_entries"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries"); if ($numEntries > 0) { $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); $arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry); @@ -1027,13 +1056,21 @@ class LdapAdvanced $memberAttribute2 = $memberAttribute . ';range=' . $start . '-' . $end; $searchResult = @ldap_search($ldapcnn, $dn, $filter, [$memberAttribute2]); + $context = [ + "baseDN" => $dn, + "filter" => $filter, + "attributes" => [$memberAttribute2] + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { break; } else { if ($searchResult) { if (ldap_count_entries($ldapcnn, $searchResult) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); $arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry); 
@@ -1347,16 +1384,24 @@ class LdapAdvanced $filter = "(&$filter(|(dn=$keyword)(uid=$keyword)(samaccountname=$keyword)(givenname=$keyword)(sn=$keyword)(cn=$keyword)(mail=$keyword)(userprincipalname=$keyword)))"; $oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd)); + $context = [ + "baseDN" => $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], + "filter" => $filter, + "attribute" => array_merge($this->arrayAttributesForUser, $attributeSetAdd) + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($oError = ldap_errno($ldapcnn)) { $this->log($ldapcnn, "Error in Search users"); } else { if ($oSearch) { $entries = ldap_count_entries($ldapcnn, $oSearch); + $this->stdLog($ldapcnn, "ldap_count_entries"); $totalUser = $entries; if ($entries > 0) { $oEntry = ldap_first_entry($ldapcnn, $oSearch); + $this->stdLog($ldapcnn, "ldap_first_entry"); $countEntries = 0; @@ -1508,6 +1553,12 @@ class LdapAdvanced $filter = "(&(" . $this->arrayObjectClassFilter["user"] . ")(|($uidUserIdentifier=$keyword)$filter2))"; $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd)); + $context = [ + "baseDN" => $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], + "filter" => $filter, + "attribute" => array_merge($this->arrayAttributesForUser, $attributeSetAdd) + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { $messageError = ldap_err2str($error); @@ -1516,9 +1567,11 @@ class LdapAdvanced } else { if ($searchResult) { $numEntries = ldap_count_entries($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_count_entries"); if ($numEntries > 0) { $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); 
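Review bot: The `$context` array added after `ldap_search` in the `@@ -1347` hunk uses the key `"attribute"`, while every other `ldap_search` context in this commit uses `"attributes"`. Anyone filtering the channel by field name will miss this call site and the one in `@@ -1508`. Rename the key to `"attributes"` and compute the merged list once, e.g. `$attributes = array_merge($this->arrayAttributesForUser, $attributeSetAdd);`, passing the same variable to `ldap_search` and to the context so the logged value is exactly what was sent. The logged `filter` also embeds `$keyword` verbatim; whether it went through `ldap_escape()` with `LDAP_ESCAPE_FILTER` before this point is outside the hunk and worth confirming.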
@@ -1702,8 +1755,15 @@ class LdapAdvanced do { ldap_control_paged_result($ldapcnn, $limit, true, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result", ["pageSize" => $limit, "isCritical" => true]); $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'ou']); + $context = [ + "baseDN" => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], + "filter" => $filter, + "attributes" => ['dn', 'ou'] + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { $this->log($ldapcnn, 'Error in Search'); @@ -1723,7 +1783,9 @@ class LdapAdvanced //Get departments from the ldap entries if (ldap_count_entries($ldapcnn, $searchResult) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry", $context); do { $arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry); @@ -1752,6 +1814,7 @@ class LdapAdvanced if (!$flagError) { ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result_response", $context); } } while (($cookie !== null && $cookie != '') && !$flagError); @@ -1791,6 +1854,12 @@ class LdapAdvanced $ldapcnn = $this->ldapcnn; $oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser); + $context = [ + "baseDN" => $aAuthSource["AUTH_SOURCE_BASE_DN"], + "filter" => $dFilter, + "attributes" => $this->arrayAttributesForUser + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($oError = ldap_errno($ldapcnn)) { return $aUsers; 
@@ -1798,7 +1867,9 @@ class LdapAdvanced if ($oSearch) { //get the departments from the ldap entries if (ldap_count_entries($ldapcnn, $oSearch) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); $oEntry = ldap_first_entry($ldapcnn, $oSearch); + $this->stdLog($ldapcnn, "ldap_first_entry"); do { $aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry); @@ -1886,7 +1957,6 @@ class LdapAdvanced return $terminated; } - /* activate an user previously deactivated if user is now in another department, we need the second parameter, the depUid @@ -2326,8 +2396,15 @@ class LdapAdvanced do { ldap_control_paged_result($ldapcnn, $limit, true, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result", ["pageSize" => $limit, "isCritical" => true]); $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'cn']); + $context = [ + "baseDN" => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], + "filter" => $filter, + "attributes" => ['dn', 'cn'] + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { $this->log($ldapcnn, 'Error in Search'); @@ -2337,9 +2414,11 @@ class LdapAdvanced if ($searchResult) { //Get groups from the ldap entries $countEntries = ldap_count_entries($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_count_entries"); if ($countEntries > 0) { $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); do { $arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry); @@ -2358,6 +2437,7 @@ class LdapAdvanced if (!$flagError) { ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie); + $this->stdLog($ldapcnn, "ldap_control_paged_result_response"); } } while (($cookie !== null && $cookie != '') && !$flagError); 
@@ -2513,14 +2593,15 @@ class LdapAdvanced { $dn = trim($dn, ','); $result = ldap_explode_dn($dn, 0); + $this->stdLog(null, "ldap_explode_dn", ["dn" => $dn]); if (is_array($result)) { unset($result['count']); foreach ($result as $key => $value) { - $result[$key] = addcslashes(preg_replace_callback("/\\\([0-9A-Fa-f]{2})/", function ($m) { - return chr(hexdec($m[1])); - }, $value), '<>,"'); + $result[$key] = addcslashes(preg_replace_callback("/\\\([0-9A-Fa-f]{2})/", function ($m) { + return chr(hexdec($m[1])); + }, $value), '<>,"'); } } @@ -2777,12 +2858,20 @@ class LdapAdvanced $arrayAttribute = array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync)); $searchResult = @ldap_search($ldapcnn, $userDn, '(objectclass=*)', $arrayAttribute); + $context = [ + "baseDN" => $userDn, + "filter" => "(objectclass=*)", + "attributes" => $arrayAttribute + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { // } else { if ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry", $context); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); @@ -2873,11 +2962,18 @@ class LdapAdvanced $filter = '(&(' . $this->arrayObjectClassFilter['user'] . ')(|' . $filterUsers . '))'; $searchResult = @ldap_search($ldapcnn, $arrayAuthSourceData['AUTH_SOURCE_BASE_DN'], $filter, $this->arrayAttributesForUser); + $context = [ + "baseDN" => $arrayAuthSourceData['AUTH_SOURCE_BASE_DN'], + "filter" => $filter, + "attributes" => $this->arrayAttributesForUser + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($error = ldap_errno($ldapcnn)) { // } else { if ($searchResult && ldap_count_entries($ldapcnn, $searchResult) > 0) { + $this->stdLog($ldapcnn, "ldap_count_entries"); //Get Users from DB $arrayUser = []; 
@@ -2897,14 +2993,15 @@ class LdapAdvanced //Get Users from LDAP Server $entry = ldap_first_entry($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_first_entry"); do { if ($this->ldapUserUpdateByDnAndData( - $ldapcnn, - $arrayAuthSourceData, - ldap_get_dn($ldapcnn, $entry), - $arrayUser - ) + $ldapcnn, + $arrayAuthSourceData, + ldap_get_dn($ldapcnn, $entry), + $arrayUser + ) ) { $countUser++; @@ -3031,9 +3128,16 @@ class LdapAdvanced } $searchResult = @ldap_search($ldapcnn, $baseDn, '(|(objectclass=*))', ['dn']); + $context = [ + "baseDN" => $baseDn, + "filter" => "(|(objectclass=*))", + "attributes" => ['dn'] + ]; + $this->stdLog($ldapcnn, "ldap_search", $context); if ($searchResult) { $countEntries = ldap_count_entries($ldapcnn, $searchResult); + $this->stdLog($ldapcnn, "ldap_count_entries"); if ($countEntries > 0) { $limit = ($countEntries > $limit) ? $limit : $countEntries; @@ -3045,4 +3149,35 @@ class LdapAdvanced throw $e; } } + + /** + * Standard log + * @param resource $link + * @param string $message + * @param array $context + * @param string $level + */ + public function stdLog($link, $message = "", $context = [], $level = "info") + { + if (empty($link)) { + switch ($level) { + case "error": + Log::channel(':ldapAdvanced')->error($message, Bootstrap::context($context)); + break; + case "info": + default: + Log::channel(':ldapAdvanced')->info($message, Bootstrap::context($context)); + break; + } + return; + } + $code = ldap_errno($link); + $detail = ldap_err2str($code); + $context["detail"] = $detail; + if ($code === 0) { + Log::channel(':ldapAdvanced')->info($message, Bootstrap::context($context)); + } else { + Log::channel(':ldapAdvanced')->error($message, Bootstrap::context($context)); + } + } } diff --git a/workflow/engine/methods/services/ldapadvanced.php b/workflow/engine/methods/services/ldapadvanced.php index 084d9c3d5..142f1232f 100644 --- a/workflow/engine/methods/services/ldapadvanced.php 
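Review bot: `stdLog()` (hunk `@@ -3045`) records a failed connection as routine: if `ldap_connect()` returns `false`, `empty($link)` is true and `stdLog($ldapcnn, "ldap_connect", $aAuthSource)` falls into the default `"info"` case. In the other direction, `$level` is silently ignored whenever `$link` is set, so a caller cannot raise the severity of an entry. Adding `if ($link === false) { $level = "error"; }` before the `empty($link)` test covers the first case. The docblock should read `@param resource|null|false $link` and state that the level is derived from `ldap_errno()` when a link is given and from `$level` otherwise.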
+++ b/workflow/engine/methods/services/ldapadvanced.php @@ -66,11 +66,13 @@ class ldapadvancedClassCron $plugin->frontEndShow("START"); $plugin->debugLog("START"); + $plugin->stdLog(null, "cron execution started"); foreach ($arrayAuthenticationSource as $value) { $arrayAuthenticationSourceData = $value; try { $plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$arrayAuthenticationSourceData ---->\n" . print_r($arrayAuthenticationSourceData, true)); + $plugin->stdLog(null, "AuthenticationSourceData", ["result" => $arrayAuthenticationSourceData]); $plugin->sAuthSource = $arrayAuthenticationSourceData["AUTH_SOURCE_UID"]; $plugin->ldapcnn = null; @@ -84,6 +86,10 @@ class ldapadvancedClassCron $plugin->frontEndShow("TEXT", "Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]); $plugin->log(null, "Executing cron for Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]); + $context = [ + "AUTH_SOURCE_NAME" => $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"] + ]; + $plugin->stdLog(null, "authentication source", $context); //Get all departments from Ldap/ActiveDirectory and build a hierarchy using dn (ou->ou parent) $aLdapDepts = $plugin->searchDepartments(); @@ -92,6 +98,7 @@ class ldapadvancedClassCron $aRegisteredDepts = $plugin->getRegisteredDepartments($aLdapDepts, $aDepartments); $plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredDepts ---->\n" . print_r($aRegisteredDepts, true)); + $plugin->stdLog(null, "RegisteredDepartments", ["result" => $aRegisteredDepts]); //Get all group from Ldap/ActiveDirectory $aLdapGroups = $plugin->searchGroups(); 
@@ -100,6 +107,7 @@ class ldapadvancedClassCron $aRegisteredGroups = $plugin->getRegisteredGroups($aLdapGroups, $aGroups); $plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredGroups ---->\n" . print_r($aRegisteredGroups, true)); + $plugin->stdLog(null, "RegisteredGroups", ["result" => $aRegisteredGroups]); //Get all users from Removed OU $this->usersRemovedOu = $plugin->getUsersFromRemovedOu($arrayAuthenticationSourceData); @@ -136,6 +144,7 @@ class ldapadvancedClassCron $count = 0; $plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$numDepartments ----> $numDepartments"); + $plugin->stdLog(null, "NumberDepartments", ["result" => $numDepartments]); foreach ($aRegisteredDepts as $registeredDept) { $count++; @@ -155,12 +164,21 @@ class ldapadvancedClassCron $plugin->frontEndShow("TEXT", $logResults); $plugin->log(null, $logResults); + $context = [ + "existingUsers" => $this->dAlready, + "moved" => $this->dMoved, + "impossible" => $this->dImpossible, + "created" => $this->dCreated, + "removed" => $this->dRemoved + ]; + $plugin->stdLog(null, "departments", $context); //Group - Synchronize Users $numGroups = count($aRegisteredGroups); $count = 0; $plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$numGroups ----> $numGroups"); + $plugin->stdLog(null, "NumberGroups", ["result" => $numGroups]); foreach ($aRegisteredGroups as $registeredGroup) { $count++; @@ -180,6 +198,14 @@ class ldapadvancedClassCron $plugin->frontEndShow("TEXT", $logResults); $plugin->log(null, $logResults); + $context = [ + "existingUsers" => $this->gAlready, + "moved" => $this->gMoved, + "impossible" => $this->gImpossible, + "created" => $this->gCreated, + "removed" => $this->gRemoved + ]; + $plugin->stdLog(null, "groups", $context); //Manager $plugin->clearManager($this->managersToClear); 
@@ -317,35 +343,68 @@ class ldapadvancedClassCron $plugin->frontEndShow("TEXT", $logResults); $plugin->log(null, $logResults); + $context = [ + "deletedRemoved" => $this->deletedRemoved + ]; + $plugin->stdLog(null, "deleted/removed users", $context); if ($this->deletedRemoved > 0) { $plugin->log(null, "Deleted/Removed Users: "); $plugin->log(null, $this->deletedRemovedUsers); + $context = [ + "deletedRemovedUsers" => $this->deletedRemovedUsers + ]; + $plugin->stdLog(null, "deleted/removed users", $context); } if ($this->dAlready + $this->gAlready > 0) { $plugin->log(null, "Existing Users: "); $plugin->log(null, $this->dAlreadyUsers . " " . $this->gAlreadyUsers); + $context = [ + "dAlreadyUsers" => $this->dAlreadyUsers, + "gAlreadyUsers" => $this->gAlreadyUsers + ]; + $plugin->stdLog(null, "existing users", $context); } if ($this->dMoved + $this->gMoved > 0) { $plugin->log(null, "Moved Users: "); $plugin->log(null, $this->dMovedUsers . " " . $this->gMovedUsers); + $context = [ + "dMovedUsers" => $this->dMovedUsers, + "gMovedUsers" => $this->gMovedUsers + ]; + $plugin->stdLog(null, "moved users", $context); } if ($this->dImpossible + $this->gImpossible > 0) { $plugin->log(null, "Impossible Users: "); $plugin->log(null, $this->dImpossibleUsers . " " . $this->gImpossibleUsers); + $context = [ + "dImpossibleUsers" => $this->dImpossibleUsers, + "gImpossibleUsers" => $this->gImpossibleUsers + ]; + $plugin->stdLog(null, "impossible users", $context); } if ($this->dCreated + $this->gCreated > 0) { $plugin->log(null, "Created Users: "); $plugin->log(null, $this->dCreatedUsers . " " . $this->gCreatedUsers); + $context = [ + "dCreatedUsers" => $this->dCreatedUsers, + "gCreatedUsers" => $this->gCreatedUsers + ]; + $plugin->stdLog(null, "created users", $context); } if ($this->dRemoved + $this->gRemoved > 0) { $plugin->log(null, "Removed Users: "); $plugin->log(null, $this->dRemovedUsers . " " . 
$this->gRemovedUsers); + $context = [ + "dRemovedUsers" => $this->dRemovedUsers, + "gRemovedUsers" => $this->gRemovedUsers + ]; + $plugin->stdLog(null, "removed users", $context); } //Print and log the managers assignments"s information @@ -359,21 +418,30 @@ class ldapadvancedClassCron $plugin->frontEndShow("TEXT", $logResults); $plugin->log(null, $logResults); + $context = [ + "created" => count($newManagers) - count($movedManagers), + "moved" => count($movedManagers), + "removed" => count($deletedManagers) - count($movedManagers) + $this->deletedManager + ]; + $plugin->stdLog(null, "managers assignments", $context); //Update Users data based on the LDAP Server $plugin->usersUpdateData($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]); } catch (Exception $e) { + $plugin = new LdapAdvanced(); $message = $e->getMessage(); $context = [ 'action' => 'ldapSynchronize', 'authSource' => $arrayAuthenticationSourceData ]; + $plugin->stdLog(null, $message, $context, "error"); Log::channel(':ldapSynchronize')->error($message, Bootstrap::context($context)); } } $plugin->frontEndShow("END"); $plugin->debugLog("END"); + $plugin->stdLog(null, "cron execution finalized"); } public function array_diff_assoc_recursive($array1, $array2) @@ -423,6 +491,12 @@ class ldapadvancedClassCron } } } catch (Exception $e) { + $plugin = new LdapAdvanced(); + $message = $e->getMessage(); + $context = [ + "trace" => $e->getTrace() + ]; + $plugin->stdLog(null, $message, $context, "error"); throw $e; } } 
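Review bot: The catch block in the `@@ -359` hunk now reassigns `$plugin = new LdapAdvanced();`, replacing the instance the loop was using. The remaining authentication sources and the final `frontEndShow("END")` then run on a fresh object, without whatever was configured on the original before the loop (that setup is outside the hunk). `$plugin` is already in scope, so the new line can be dropped and `$plugin->stdLog(null, $message, $context, "error");` kept as is. The `$context` passed there holds the whole `$arrayAuthenticationSourceData` under `authSource` and is logged a second time by the existing `Log::channel(':ldapSynchronize')` line; logging only `AUTH_SOURCE_UID` and `AUTH_SOURCE_NAME` would avoid both the duplicate entry and writing the stored bind credentials.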
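Review bot: `"trace" => $e->getTrace()` in the `@@ -423` catch block puts the raw trace array into the log context. Unless `zend.exception_ignore_args` is enabled, each frame carries its call arguments, which on this code path can be whole user, group or authentication-source arrays, and the entry becomes very large. `"trace" => $e->getTraceAsString()` abbreviates arguments rather than dumping them, and `$e->getFile()` with `$e->getLine()` carries none. The exception is rethrown afterwards, so a caller that logs it as well will record the failure twice. The same pattern appears in the catch blocks of the `@@ -438`, `@@ -515` and `@@ -596` hunks of ldapadvanced.php.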
@@ -438,15 +512,23 @@ class ldapadvancedClassCron $group->removeUserOfGroup($groupUid, $userUid); } } catch (Exception $e) { + $plugin = new LdapAdvanced(); + $message = $e->getMessage(); + $context = [ + "trace" => $e->getTrace() + ]; + $plugin->stdLog(null, $message, $context, "error"); throw $e; } } public function departmentSynchronizeUsers($ldapAdvanced, $numDepartments, $count, array $arrayDepartmentData) { + $plugin = new LdapAdvanced(); try { $ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > START"); $ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > \$arrayDepartmentData ---->\n" . print_r($arrayDepartmentData, true)); + $plugin->stdLog(null, "department synchronize users started", ["result" => $arrayDepartmentData]); //Get users from ProcessMaker tables (for this Department) $ldapAdvanced->setArrayDepartmentUsers($arrayDepartmentData["DEP_UID"]); //INITIALIZE DATA 
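Review bot: `departmentSynchronizeUsers()` now builds `$plugin = new LdapAdvanced();` on every call, once per department, although the configured instance is already passed in as `$ldapAdvanced` and is used for `debugLog()` on the next lines. Calling `$ldapAdvanced->stdLog(null, "department synchronize users started", ["result" => $arrayDepartmentData]);` removes the extra object and keeps all logging on the instance the cron set up. The same applies to `groupSynchronizeUsers()` in the `@@ -515` hunk and to the catch blocks that construct yet another instance. The function body continues outside the hunk.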
@@ -515,19 +597,28 @@ class ldapadvancedClassCron $this->dRemovedUsers = ""; $ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > END"); + $plugin->stdLog(null, "department synchronize users finalized"); //Return all UID of Users synchronized in the Department (Return all UID of Users of this Department) return $arrayUserUid; } catch (Exception $e) { + $plugin = new LdapAdvanced(); + $message = $e->getMessage(); + $context = [ + "trace" => $e->getTrace() + ]; + $plugin->stdLog(null, $message, $context, "error"); throw $e; } } public function groupSynchronizeUsers($ldapAdvanced, $numGroups, $count, array $arrayGroupData) { + $plugin = new LdapAdvanced(); try { $ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > START"); $ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > \$arrayGroupData ---->\n" . print_r($arrayGroupData, true)); + $plugin->stdLog(null, "group synchronize users started", ["result" => $arrayGroupData]); //Get users from ProcessMaker tables (for this Group) $ldapAdvanced->setArrayGroupUsers($arrayGroupData["GRP_UID"]); //INITIALIZE DATA @@ -596,10 +687,17 @@ class ldapadvancedClassCron $this->gRemovedUsers = ""; $ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > END"); + $plugin->stdLog(null, "group synchronize users finalized"); //Return all UID of Users synchronized in the Group (Return all UID of Users of this Group) return $arrayUserUid; } catch (Exception $e) { + $plugin = new LdapAdvanced(); + $message = $e->getMessage(); + $context = [ + "trace" => $e->getTrace() + ]; + $plugin->stdLog(null, $message, $context, "error"); throw $e; } }