fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-623 "El feature enterprise 'LdapAdvanced' no retorna todos lo objetos" SOLVED

Browse Source 
Issue:
    El feature enterprise "LdapAdvanced" no retorna todos lo objetos
Cause:
    En el server ActiveDirectory se tiene mas de 1000 departamentos
Solution:
    Se completo el uso de la funcion "ldap_control_paged_result" en:
        - ADMIN > Users > AuthenticationSources > SynchronizeDepartments
        - ADMIN > Users > AuthenticationSources > SynchronizeGroups
Note:
    Los AuthenticationSources ya registrados deberan ser editados (no hacer cambios) y guardados nuevamente
This commit is contained in:
Victor Saisa Lopez
2016-04-14 13:15:17 -04:00
parent a51721f684
commit ca8a74fdf7
3 changed files with 230 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
workflow/engine/bin/cron_single.php
View File

@@ -112,7 +112,6 @@ try {
define('DEBUG_CALENDAR_LOG', $arraySystemConfiguration['debug_calendar']); define('DEBUG_CALENDAR_LOG', $arraySystemConfiguration['debug_calendar']);
define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']); define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']); define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
define('TIME_ZONE', ini_get('date.timezone'));
//require_once(PATH_GULLIVER . PATH_SEP . 'class.bootstrap.php'); //require_once(PATH_GULLIVER . PATH_SEP . 'class.bootstrap.php');
//define('PATH_GULLIVER_HOME', PATH_TRUNK . 'gulliver' . PATH_SEP); //define('PATH_GULLIVER_HOME', PATH_TRUNK . 'gulliver' . PATH_SEP);

337
workflow/engine/classes/class.ldapAdvanced.php
View File

@@ -493,10 +493,10 @@ class ldapAdvanced
$ldapErrorNr = 0; $ldapErrorNr = 0;
if ($link != null) { if ($link != null) {
$ldapErrorNr = @ldap_errno($link); $ldapErrorNr = ldap_errno($link);
if ( $ldapErrorNr != 0 ) { if ( $ldapErrorNr != 0 ) {
$ldapErrorMsg = @ldap_error($link); $ldapErrorMsg = ldap_error($link);
$text = $ldapErrorMsg . " : " . $text; $text = $ldapErrorMsg . " : " . $text;
} }
} }
@@ -544,27 +544,24 @@ class ldapAdvanced
} }
} }
$ldapcnn = @ldap_connect($aAuthSource["AUTH_SOURCE_SERVER_NAME"], $aAuthSource["AUTH_SOURCE_PORT"]); $ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ; $ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ;
@ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, $aAuthSource["AUTH_SOURCE_VERSION"]); ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
//$this->log($ldapcnn, "ldap set Protocol Version " . $aAuthSource["AUTH_SOURCE_VERSION"]); ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
@ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
//$this->log($ldapcnn, "ldap set option Referrals");
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) { if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
@ldap_start_tls($ldapcnn); ldap_start_tls($ldapcnn);
$ldapServer = "TLS " . $ldapServer; $ldapServer = "TLS " . $ldapServer;
//$this->log($ldapcnn, "start tls"); //$this->log($ldapcnn, "start tls");
} }
if ($aAuthSource["AUTH_ANONYMOUS"] == "1") { if ($aAuthSource["AUTH_ANONYMOUS"] == "1") {
$bBind = @ldap_bind($ldapcnn); $bBind = ldap_bind($ldapcnn);
$this->log($ldapcnn, "bind $ldapServer like anonymous user"); $this->log($ldapcnn, "bind $ldapServer like anonymous user");
} else { } else {
$bBind = @ldap_bind($ldapcnn, $aAuthSource["AUTH_SOURCE_SEARCH_USER"], $aAuthSource["AUTH_SOURCE_PASSWORD"]); $bBind = ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
$this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]); $this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
} }
@@ -587,9 +584,9 @@ class ldapAdvanced
try { try {
$arrayAttributes = array(); $arrayAttributes = array();
$arrayAttributes["dn"] = @ldap_get_dn($ldapcnn, $entry); $arrayAttributes['dn'] = ldap_get_dn($ldapcnn, $entry);
$arrayAux = @ldap_get_attributes($ldapcnn, $entry); $arrayAux = ldap_get_attributes($ldapcnn, $entry);
for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) { for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) {
$key = strtolower($arrayAux[$i]); $key = strtolower($arrayAux[$i]);
@@ -641,7 +638,7 @@ class ldapAdvanced
if ($searchResult) { if ($searchResult) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK");
$numEntries = @ldap_count_entries($ldapcnn, $searchResult); $numEntries = ldap_count_entries($ldapcnn, $searchResult);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries");
@@ -650,7 +647,7 @@ class ldapAdvanced
if ($numEntries > 0) { if ($numEntries > 0) {
$this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier"); $this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier");
$entry = @ldap_first_entry($ldapcnn, $searchResult); $entry = ldap_first_entry($ldapcnn, $searchResult);
do { do {
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -682,7 +679,7 @@ class ldapAdvanced
//Progress bar //Progress bar
$this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser)); $this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
} }
} while ($entry = @ldap_next_entry($ldapcnn, $entry)); } while ($entry = ldap_next_entry($ldapcnn, $entry));
} }
} }
@@ -729,12 +726,8 @@ class ldapAdvanced
$ldapcnn = $this->ldapcnn; $ldapcnn = $this->ldapcnn;
//Get Users //Get Users
$recordSize = 1000; $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
$flagGetUsers = true;
$flagLdapControlPagedResult = $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["LDAP_TYPE"] == "ad" && function_exists("ldap_control_paged_result");
$flagNextRecord = false;
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) { if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = ""; $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
@@ -748,22 +741,15 @@ class ldapAdvanced
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
if ($flagLdapControlPagedResult) { $cookie = '';
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
$cookie = "";
}
do { do {
if ($flagLdapControlPagedResult) { ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
ldap_control_paged_result($ldapcnn, $recordSize, true, $cookie);
}
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser); $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
//$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
$flagGetUsers = false; $flagError = true;
} else { } else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
@@ -777,15 +763,11 @@ class ldapAdvanced
} }
} }
if ($flagLdapControlPagedResult) {
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie); ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
$flagNextRecord = $cookie !== null && $cookie != "";
}
} while ($flagLdapControlPagedResult && $flagNextRecord);
//Get Users //2 //Get Users //2
if (!$flagGetUsers) { if ($flagError) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > START"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > START");
foreach ($this->characters() as $value) { foreach ($this->characters() as $value) {
@@ -799,10 +781,8 @@ class ldapAdvanced
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser); $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
//$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
//
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true)); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true));
} else { } else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
@@ -880,8 +860,7 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute)); $searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute));
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
//
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true)); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
} else { } else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK1"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK1");
@@ -889,12 +868,12 @@ class ldapAdvanced
if ($searchResult) { if ($searchResult) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2");
$numEntries = @ldap_count_entries($ldapcnn, $searchResult); $numEntries = ldap_count_entries($ldapcnn, $searchResult);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries");
if ($numEntries > 0) { if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult); $entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayGroupMemberLdap = $this->ldapGetAttributes($ldapcnn, $entry); $arrayGroupMemberLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -928,8 +907,7 @@ class ldapAdvanced
//Synchronize User //Synchronize User
$searchResult2 = @ldap_search($ldapcnn, $member, $filter2, $this->arrayAttributesForUser); $searchResult2 = @ldap_search($ldapcnn, $member, $filter2, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
//
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > ERROR > \$error ---->\n" . print_r($error, true)); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
} else { } else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK1"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK1");
@@ -937,12 +915,12 @@ class ldapAdvanced
if ($searchResult2) { if ($searchResult2) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2");
$numEntries2 = @ldap_count_entries($ldapcnn, $searchResult2); $numEntries2 = ldap_count_entries($ldapcnn, $searchResult2);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2 > \$numEntries2 ----> $numEntries2"); $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2 > \$numEntries2 ----> $numEntries2");
if ($numEntries2 > 0) { if ($numEntries2 > 0) {
$entry2 = @ldap_first_entry($ldapcnn, $searchResult2); $entry2 = ldap_first_entry($ldapcnn, $searchResult2);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry2); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry2);
@@ -1313,15 +1291,15 @@ class ldapAdvanced
$oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd)); $oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
if ($oError = @ldap_errno($ldapcnn)) { if ($oError = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, "Error in Search users"); $this->log($ldapcnn, "Error in Search users");
} else { } else {
if ($oSearch) { if ($oSearch) {
$entries = @ldap_count_entries($ldapcnn, $oSearch); $entries = ldap_count_entries($ldapcnn, $oSearch);
$totalUser = $entries; $totalUser = $entries;
if ( $entries > 0) { if ( $entries > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch); $oEntry = ldap_first_entry($ldapcnn, $oSearch);
$countEntries=0; $countEntries=0;
@@ -1415,7 +1393,7 @@ class ldapAdvanced
$countEntries++; $countEntries++;
} }
} while (($oEntry = @ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord); } while (($oEntry = ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
} }
} }
/* /*
@@ -1486,14 +1464,14 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd)); $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
// //
} else { } else {
if ($searchResult) { if ($searchResult) {
$numEntries = @ldap_count_entries($ldapcnn, $searchResult); $numEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($numEntries > 0) { if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult); $entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -1646,54 +1624,66 @@ class ldapAdvanced
*/ */
public function searchDepartments() public function searchDepartments()
{ {
if (!class_exists('RBAC')) { try {
G::LoadSystem('rbac'); $arrayDepartment = [];
}
//Set variables
$rbac = &RBAC::getSingleton(); $rbac = &RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) { if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource(); $rbac->authSourcesObj = new AuthenticationSource();
} }
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource); $arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
if (is_null($this->ldapcnn)) { if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($aAuthSource); $this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
} }
$ldapcnn = $this->ldapcnn; $ldapcnn = $this->ldapcnn;
$sFilter = "(" . $this->arrayObjectClassFilter["department"] . ")"; //Get Departments
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
$this->log($ldapcnn, "search Departments with Filter: $sFilter"); $filter = '(' . $this->arrayObjectClassFilter['department'] . ')';
$aDepts = array(); $this->log($ldapcnn, 'search Departments with Filter: ' . $filter);
$unitsBase = $this->custom_ldap_explode_dn($aAuthSource['AUTH_SOURCE_BASE_DN']);
$oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $sFilter, array("dn", "ou"));
if ($oError = @ldap_errno($ldapcnn)) { $unitsBase = $this->custom_ldap_explode_dn($arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']);
$this->log($ldapcnn, "Error in Search");
return $aDepts;
} else {
if ($oSearch) {
//the first node is root
$node = array();
$node['dn'] = $aAuthSource['AUTH_SOURCE_BASE_DN'];
$node['parent'] = '';
$node['ou'] = 'ROOT';
$node['users'] = '0';
$aDepts[] = $node;
//get departments from the ldap entries $cookie = '';
if (@ldap_count_entries($ldapcnn, $oSearch) > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch);
do { do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry); ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
$unitsEqual = $this->custom_ldap_explode_dn($aAttr['dn']);
if ( count($unitsEqual ) == 1 && $unitsEqual[0] == '' ) { $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'ou']);
if ($error = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, 'Error in Search');
$flagError = true;
} else {
if ($searchResult) {
//The first node is root
if (empty($arrayDepartment)) {
$arrayDepartment[] = [
'dn' => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
'parent' => '',
'ou' => 'ROOT',
'users' => 0
];
}
//Get departments from the ldap entries
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
$unitsEqual = $this->custom_ldap_explode_dn($arrayEntryData['dn']);
if (count($unitsEqual) == 1 && $unitsEqual[0] == '') {
continue; continue;
} }
@@ -1701,28 +1691,34 @@ class ldapAdvanced
unset($unitsEqual[0]); unset($unitsEqual[0]);
} }
if ( isset( $aAttr['ou'] ) && !is_array($aAttr['ou']) ) { if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
$node = array(); $arrayDepartment[] = [
$node['dn'] = $aAttr['dn']; 'dn' => $arrayEntryData['dn'],
$node['parent'] = isset ($unitsEqual[1]) ? implode(',', $unitsEqual) : ''; 'parent' => (isset($unitsEqual[1]))? implode(',', $unitsEqual) : '',
$node['ou'] = trim($aAttr['ou']); 'ou' => trim($arrayEntryData['ou']),
$node['users'] = '0'; 'users' => 0
$aDepts[] = $node; ];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
} }
} while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry));
//$this->createDepartments ($aDepts);
} }
} }
$sDeptos = ''; ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
foreach ($aDepts as $dep) { $str = '';
$sDeptos .= ' ' . $dep['ou'];
foreach ($arrayDepartment as $dep) {
$str .= ' ' . $dep['ou'];
} }
$this->log($ldapcnn, "found ". count($aDepts) . " departments: $sDeptos"); $this->log($ldapcnn, 'found '. count($arrayDepartment) . ' departments: ' . $str);
return $aDepts; //Return
return $arrayDepartment;
} catch (Exception $e) {
throw $e;
} }
} }
@@ -1749,18 +1745,18 @@ class ldapAdvanced
$oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser); $oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser);
if ($oError = @ldap_errno($ldapcnn)) { if ($oError = ldap_errno($ldapcnn)) {
return $aUsers; return $aUsers;
} else { } else {
if ($oSearch) { if ($oSearch) {
//get the departments from the ldap entries //get the departments from the ldap entries
if (@ldap_count_entries($ldapcnn, $oSearch) > 0) { if (ldap_count_entries($ldapcnn, $oSearch) > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch); $oEntry = ldap_first_entry($ldapcnn, $oSearch);
do { do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry); $aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
$aUsers[] = $this->ldapGetUsersFromDepartment("GET", $aAttr["dn"]); $aUsers[] = $this->ldapGetUsersFromDepartment("GET", $aAttr["dn"]);
} while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry)); } while ($oEntry = ldap_next_entry($ldapcnn, $oEntry));
//$this->createDepartments ($aDepts); //$this->createDepartments ($aDepts);
} }
} }
@@ -2275,74 +2271,81 @@ class ldapAdvanced
*/ */
public function searchGroups() public function searchGroups()
{ {
if (!class_exists('RBAC')) { try {
G::LoadSystem('rbac' ); $arrayGroup = [];
}
//Set variables
$rbac = &RBAC::getSingleton(); $rbac = &RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) { if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource(); $rbac->authSourcesObj = new AuthenticationSource();
} }
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource); $arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
if (is_null($this->ldapcnn)) { if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($aAuthSource); $this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
} }
$ldapcnn = $this->ldapcnn; $ldapcnn = $this->ldapcnn;
$filter = "(" . $this->arrayObjectClassFilter["group"] . ")"; //Get Groups
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
$this->log($ldapcnn, "search groups with Filter: $filter"); $filter = '(' . $this->arrayObjectClassFilter['group'] . ')';
$aGroups = array(); $this->log($ldapcnn, 'search groups with Filter: ' . $filter);
$searchResult = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $filter, array("dn", "cn"));
if ($oError = @ldap_errno($ldapcnn)) { $cookie = '';
$this->log($ldapcnn, "Error in Search");
return $aGroups;
} else {
if ($searchResult) {
//the first node is root
$node = array();
/*$node['dn'] = $aAuthSource['AUTH_SOURCE_BASE_DN'];
$node['parent'] = '';
$node['cn'] = 'ROOT';
$node['users'] = '0';
$aGroups[] = $node;*/
//get groups from the ldap entries
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult);
do { do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $entry); ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
if ( isset( $aAttr['cn'] ) && !is_array($aAttr['cn']) ) { $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'cn']);
$node = array();
$node['dn'] = $aAttr['dn']; if ($error = ldap_errno($ldapcnn)) {
$node['cn'] = trim($aAttr['cn']); $this->log($ldapcnn, 'Error in Search');
$node['users'] = '0';
$aGroups[] = $node; $flagError = true;
} else {
if ($searchResult) {
//Get groups from the ldap entries
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($countEntries > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
if (isset($arrayEntryData['cn']) && !is_array($arrayEntryData['cn'])) {
$arrayGroup[] = [
'dn' => $arrayEntryData['dn'],
'cn' => trim($arrayEntryData['cn']),
'users' => 0,
];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
} }
} while ($entry = @ldap_next_entry($ldapcnn, $entry));
} }
} }
$sGroups = ''; ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
foreach ($aGroups as $group) { $str = '';
$sGroups .= ' ' . $group['cn'];
foreach ($arrayGroup as $group) {
$str .= ' ' . $group['cn'];
} }
$this->log($ldapcnn, "found ". count($aGroups) . " groups: $sGroups"); $this->log($ldapcnn, 'found '. count($arrayGroup) . ' groups: ' . $str);
return $aGroups; //Return
return $arrayGroup;
} catch (Exception $e) {
throw $e;
} }
} }
@@ -2750,11 +2753,11 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync))); $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync)));
if ($error = @ldap_errno($ldapcnn)) { if ($error = ldap_errno($ldapcnn)) {
// //
} else { } else {
if ($searchResult) { if ($searchResult) {
$numEntries = @ldap_count_entries($ldapcnn, $searchResult); $numEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($numEntries > 0) { if ($numEntries > 0) {
//Default attributes to sync //Default attributes to sync
@@ -2793,7 +2796,7 @@ class ldapAdvanced
} }
//Get Users from LDAP Server //Get Users from LDAP Server
$entry = @ldap_first_entry($ldapcnn, $searchResult); $entry = ldap_first_entry($ldapcnn, $searchResult);
do { do {
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry); $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -2856,7 +2859,7 @@ class ldapAdvanced
} }
} }
} }
} while ($entry = @ldap_next_entry($ldapcnn, $entry)); } while ($entry = ldap_next_entry($ldapcnn, $entry));
} }
} }
} }
@@ -2895,7 +2898,7 @@ class ldapAdvanced
$ldapcnn = $this->ldapcnn; $ldapcnn = $this->ldapcnn;
//Update Users //Update Users
$recordSize = 1000; //$recordStart $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$count = 0; $count = 0;
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid"; $uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
@@ -2911,7 +2914,7 @@ class ldapAdvanced
$filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")"; $filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")";
$arrayUserUid[] = $arrayUserData["USR_UID"]; $arrayUserUid[] = $arrayUserData["USR_UID"];
if ($count == $recordSize) { if ($count == $limit) {
list($totalUser, $countUser) = $this->ldapUsersUpdateData($ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, array("totalUser" => $totalUser, "countUser" => $countUser)); list($totalUser, $countUser) = $this->ldapUsersUpdateData($ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, array("totalUser" => $totalUser, "countUser" => $countUser));
$count = 0; $count = 0;
@@ -2928,5 +2931,39 @@ class ldapAdvanced
throw $e; throw $e;
} }
} }
/**
* Get page size limit for a search result
*
* @param resource $ldapcnn LDAP link identifier
* @param string $baseDn The base DN for the directory
*
* @return int Returns the page size limit for a search result
*/
public function getPageSizeLimit($ldapcnn, $baseDn = '')
{
try {
$limit = 1000;
if ($ldapcnn === false) {
return $limit;
}
$searchResult = @ldap_search($ldapcnn, $baseDn, '(|(objectclass=*))', ['dn']);
if ($searchResult) {
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($countEntries > 0) {
$limit = ($countEntries > $limit)? $limit : $countEntries;
}
}
//Return
return $limit;
} catch (Exception $e) {
throw $e;
}
}
} }

19
workflow/engine/methods/authSources/ldapAdvancedProxy.php
View File

@@ -149,7 +149,25 @@ switch ($function) {
unset($aData['AUTH_SOURCE_GRID_ATTRIBUTE']); unset($aData['AUTH_SOURCE_GRID_ATTRIBUTE']);
unset($aData['AUTH_SOURCE_SHOWGRID']); unset($aData['AUTH_SOURCE_SHOWGRID']);
} }
$aFields['AUTH_SOURCE_DATA'] = $aData; $aFields['AUTH_SOURCE_DATA'] = $aData;
//LDAP_PAGE_SIZE_LIMIT
$ldapAdvanced = new ldapAdvanced();
try {
$arrayAuthenticationSourceData = $aFields;
$arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;
$aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(
$ldapAdvanced->ldapConnection($arrayAuthenticationSourceData),
$arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']
);
} catch (Exception $e) {
$aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(false);
}
//Save
if ($aFields['AUTH_SOURCE_UID'] == '') { if ($aFields['AUTH_SOURCE_UID'] == '') {
$RBAC->createAuthSource( $aFields ); $RBAC->createAuthSource( $aFields );
} else { } else {
@@ -327,6 +345,7 @@ switch ($function) {
} }
$arrayAuthenticationSourceData = $_POST; $arrayAuthenticationSourceData = $_POST;
$arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;
//Test connection //Test connection
$ldapAdvanced = new ldapAdvanced(); $ldapAdvanced = new ldapAdvanced();