fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-778 "Cuando un grupo tiene 1500 usuarios, los mismos no son..." SOLVED

Browse Source 
Issue:
    Cuando un grupo tiene 1500 usuarios, los mismos no son importados con el LDAP Advanced feature
Cause:
    Al ejecutar el ldapcron.php no existe paginacion para los miembros de un grupo (ActiveDirectory)
Solution:
    Se completa la paginacion para los miembros de un grupo al ejecutar el ldapcron.php (ActiveDirectory)
This commit is contained in:
Victor Saisa Lopez
2016-04-18 18:57:58 -04:00
parent 2951912654
commit 82d7e685c8
1 changed files with 142 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
workflow/engine/classes/class.ldapAdvanced.php
View File

@@ -552,16 +552,16 @@ class ldapAdvanced
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0); ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) { if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
ldap_start_tls($ldapcnn); @ldap_start_tls($ldapcnn);
$ldapServer = "TLS " . $ldapServer; $ldapServer = "TLS " . $ldapServer;
//$this->log($ldapcnn, "start tls"); //$this->log($ldapcnn, "start tls");
} }
if ($aAuthSource["AUTH_ANONYMOUS"] == "1") { if ($aAuthSource["AUTH_ANONYMOUS"] == "1") {
$bBind = ldap_bind($ldapcnn); $bBind = @ldap_bind($ldapcnn);
$this->log($ldapcnn, "bind $ldapServer like anonymous user"); $this->log($ldapcnn, "bind $ldapServer like anonymous user");
} else { } else {
$bBind = ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']); $bBind = @ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
$this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]); $this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
} }
@@ -819,6 +819,93 @@ class ldapAdvanced
} }
} }
/**
* Synchronize Group's members
*
* @param resource $ldapcnn LDAP link identifier
* @param array $arrayAuthSourceData Authentication Source Data
* @param string $groupUid Unique id of Group
* @param array $arrayGroupLdap LDAP Group
* @param string $memberAttribute Member attribute
* @param array $arrayData Data
*
* @return array Return array data
*/
private function __ldapGroupSynchronizeMembers(
$ldapcnn,
array $arrayAuthSourceData,
$groupUid,
array $arrayGroupLdap,
$memberAttribute,
array $arrayData = []
) {
try {
unset($arrayData['countMembers']);
//Get members
if (!isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER'])) {
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER'] = '';
}
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']))?
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
$filterUsers = trim($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER']);
$filter = ($filterUsers != '')? $filterUsers : '(' . $this->arrayObjectClassFilter['user'] . ')';
if (isset($arrayGroupLdap[$memberAttribute])) {
if (!is_array($arrayGroupLdap[$memberAttribute])) {
$arrayGroupLdap[$memberAttribute] = [$arrayGroupLdap[$memberAttribute]];
}
$arrayData['countMembers'] = count($arrayGroupLdap[$memberAttribute]);
$arrayData['totalUser'] += $arrayData['countMembers'];
//Synchronize members
foreach ($arrayGroupLdap[$memberAttribute] as $value) {
$member = $value; //User DN
$searchResult = @ldap_search($ldapcnn, $member, $filter, $this->arrayAttributesForUser);
if ($error = ldap_errno($ldapcnn)) {
//
} else {
if ($searchResult) {
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : '';
$arrayData['countUser']++;
if ((is_array($username) && !empty($username)) || trim($username) != '') {
$arrayData = $this->groupSynchronizeUser(
$groupUid, $this->getUserDataFromAttribute($username, $arrayUserLdap), $arrayData
);
}
//Progress bar
$this->frontEndShow(
'BAR',
'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
$this->progressBar($arrayData['totalUser'], $arrayData['countUser'])
);
}
}
}
}
}
//Return
return $arrayData;
} catch (Exception $e) {
throw $e;
}
}
/** /**
* Get Users from Group * Get Users from Group
* *
@@ -875,67 +962,73 @@ class ldapAdvanced
if ($numEntries > 0) { if ($numEntries > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult); $entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayGroupMemberLdap = $this->ldapGetAttributes($ldapcnn, $entry); $arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry);
if (isset($arrayGroupMemberLdap[$memberAttribute])) { //Syncronize members
if (!is_array($arrayGroupMemberLdap[$memberAttribute])) { $flagMemberRange = false;
$arrayGroupMemberLdap[$memberAttribute] = array($arrayGroupMemberLdap[$memberAttribute]);
$memberAttribute2 = $memberAttribute;
if (isset($arrayGroupLdap[$memberAttribute]) && empty($arrayGroupLdap[$memberAttribute])) {
foreach ($arrayGroupLdap as $key => $value) {
if (preg_match('/^member;range=\d+\-\d+$/i', $key)) {
$memberAttribute2 = $key;
$flagMemberRange = true;
break;
}
} }
}
$totalUser = count($arrayGroupMemberLdap[$memberAttribute]); $arrayData = $this->__ldapGroupSynchronizeMembers(
$ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
//Get Users $totalUser = $arrayData['totalUser'];
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) { $countUser = $arrayData['countUser'];
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
}
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid"; $limitMemberRange = (isset($arrayData['countMembers']))? $arrayData['countMembers'] : 0;
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]); if ($flagMemberRange) {
for ($start = $limitMemberRange; true; $start += $limitMemberRange) {
$end = $start + $limitMemberRange - 1;
$filter2 = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")"; $memberAttribute2 = $memberAttribute . ';range=' . $start . '-' . $end;
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$filter2 ----> $filter2"); $searchResult = @ldap_search($ldapcnn, $dn, $filter, [$memberAttribute2]);
$this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier");
foreach ($arrayGroupMemberLdap[$memberAttribute] as $value) {
$member = $value; //User DN
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > \$member ----> $member");
//Synchronize User
$searchResult2 = @ldap_search($ldapcnn, $member, $filter2, $this->arrayAttributesForUser);
if ($error = ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > ERROR > \$error ---->\n" . print_r($error, true)); break;
} else { } else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK1"); if ($searchResult) {
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
if ($searchResult2) { $arrayGroupLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2");
$numEntries2 = ldap_count_entries($ldapcnn, $searchResult2); foreach ($arrayGroupLdap as $key => $value) {
if (preg_match('/^member;range=\d+\-\*$/i', $key)) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2 > \$numEntries2 ----> $numEntries2"); $memberAttribute2 = $key;
break;
if ($numEntries2 > 0) { }
$entry2 = ldap_first_entry($ldapcnn, $searchResult2);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry2);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : "";
$countUser++;
if ((is_array($username) && !empty($username)) || trim($username) != "") {
$arrayUserData = $this->getUserDataFromAttribute($username, $arrayUserLdap);
$arrayData = $this->groupSynchronizeUser($arrayGroupData["GRP_UID"], $arrayUserData, $arrayData);
} }
//Progress bar $arrayData = $this->__ldapGroupSynchronizeMembers(
$this->frontEndShow("BAR", "Groups: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser)); $ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
$totalUser = $arrayData['totalUser'];
$countUser = $arrayData['countUser'];
} }
} }
} }